Lucene search
K
SnykMost viewed

35345 matches found

Snyk
Snyk
added 2026/04/13 10:11 p.m.11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.1AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.11 views

Malicious Package

Overview walmart-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/10 7:39 p.m.11 views

Directory Traversal

Overview uv is an An extremely fast Python package and project manager, written in Rust. Affected versions of this package are vulnerable to Directory Traversal through the uninstall process when handling RECORD entries containing relative paths that traverse outside the intended installation...

3.1CVSS6.3AI score
Exploits0References2
Snyk
Snyk
added 2026/04/09 10:10 p.m.11 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the CertFromX509 function when processing the AuthorityKeyIdentifier extension due to incorrect size handling. An attacker can cause a heap buffer overflow by supplying a specially crafted X.509 certificate...

7.5CVSS6AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 4:14 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the automatic import plugin. An attacker can cause backend services to...

7.1CVSS5.7AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:11 a.m.11 views

Authorization Bypass Through User-Controlled Key

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the /api/ endpoints of the Administrative API. An attacker can gain unauthorized access to administrative functions by sendi...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 3:7 a.m.11 views

Server-side Request Forgery (SSRF)

Overview api-lab-mcp is a MCP server for API testing and experimentation - Your API Laboratory Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the testhttpendpoint function in the HTTP interface. An attacker can cause the server to initiate arbitrary...

7.5CVSS7.2AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:10 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview react-server-dom-parcel is a React Server Components bindings for DOM using Parcel. This is intended to be integrated into meta-frameworks. It is not intended to be imported directly. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling...

8.7CVSS5.8AI score0.01551EPSS
Exploits4References3
Snyk
Snyk
added 2026/04/08 12:16 a.m.11 views

Directory Traversal

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Directory Traversal via the serveStatic function. An attacker can access sensitive static files intended to be protected by route-based middleware by crafting request paths with repeated...

6.9CVSS6.3AI score0.00459EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:13 p.m.11 views

Memory Allocation with Excessive Size Value

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via insufficient input validation and processing a large number of outputs...

8.7CVSS5.8AI score0.00528EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/06 5:15 p.m.11 views

Cross-site Scripting (XSS)

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Role Name parameter in the Role Management module. An attacker can execute arbitrary web scripts or HTML in the context of a user's browser by injecting a craft...

6.9CVSS6AI score0.00211EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/05 1:8 a.m.11 views

Command Injection

Overview code-screenshot-mcp is a MCP server for generating beautiful code screenshots directly from Claude Affected versions of this package are vulnerable to Command Injection through request parameters. An attacker can execute arbitrary operating system commands by sending specially crafted HT...

6.5CVSS6.1AI score0.01455EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/04 6:10 a.m.11 views

Information Exposure

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Information Exposure via the serverspecsgraphql resolver on the /graphql/system endpoint, which returns an SDL representation of the schema...

6.9CVSS5.9AI score0.00314EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 3:46 a.m.11 views

Permissive List of Allowed Inputs

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious scripts in the DOM...

6.1CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:32 p.m.11 views

Incomplete List of Disallowed Inputs

Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through the validateScriptFileForShellBleed process. An attacker can execute unauthorized script content by crafting piped, substituted, or...

5.4CVSS5.9AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 9:1 p.m.11 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the Graph API process. An attacker can access message thread history that should be restricted by sender allowlists by querying the API directly, potentially...

5.4CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/02 8:59 p.m.11 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the heartbeat process. An attacker can gain unauthorized access to restricted resources by exploiting context inheritance to bypass sandbox restrictions through...

9.9CVSS5.9AI score0.00298EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 11:17 p.m.11 views

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection via the executecode method. An attacker can execute arbitrary operating system commands by passing a crafted str...

10CVSS6.1AI score0.00707EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/01 9:48 p.m.11 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the reason parameter in the HTTP response creation process. An attacker can inject unauthorized headers or manipulate the HTTP response by supplying specially crafted input containing carriage return...

6.9CVSS5.9AI score0.00292EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 9:47 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Request.post function. An attacker can cause excessive memory allocation by sending a specially crafted multipart request containing large non-file fields. Remediation Upgrade...

6.9CVSS5.9AI score0.00384EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/01 6:35 a.m.11 views

Cross-site Scripting (XSS)

Overview @holoviz/panel is a The powerful data exploration & web app framework for Python. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formatError function in panel/models/util.ts due to using String.replace without the global flag when escaping HTML...

6.1CVSS5.7AI score
Exploits0References3
Snyk
Snyk
added 2026/03/31 3:15 a.m.11 views

Embedded Malicious Code

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a cross-platform remote access trojan RAT and whose content was removed from the official package manager. A malicious actor...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:16 p.m.11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the lookup function. An attacker can access properties that should be restricted by bypassing prototype-access controls...

6.3CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/29 3:10 p.m.11 views

Replay Attack

Overview mppx is a /picture Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly...

8.3CVSS5.9AI score0.00359EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 8:22 p.m.11 views

Exposure of Data Element to Wrong Session

Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 6:21 p.m.11 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on the server by...

9.2CVSS6.2AI score0.00703EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 3:7 a.m.11 views

Malicious Package

Overview testtestsharp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:4 p.m.11 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypas...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 6:34 p.m.11 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the NEON palette expansion functions in arm/paletteneonintrinsics.c. An attacker can corrupt memory or crash the application by supplying a PNG row whose width is not a multiple of the NEON chunk size. Notes -...

8.6CVSS6.1AI score0.00585EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 5:17 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.5CVSS5.9AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 6:31 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MultiPartParserDefinition multipart parsing process in MultiPartParserDefinition.java. An attacker can...

8.2CVSS5.9AI score0.00441EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 4:53 a.m.11 views

Malicious Package

Overview svg-content-validation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/20 4:45 a.m.11 views

Malicious Package

Overview hiagenttest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 8:19 p.m.11 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...

6.1CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 12:59 p.m.11 views

Server-side Request Forgery (SSRF)

Overview @aborruso/ckan-mcp-server is a MCP server for interacting with CKAN open data portals Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the baseurl parameter in the ckanpackagesearch, sparqlquery, and ckandatastoresearchsql tools. An attacker can...

6CVSS5.8AI score0.00289EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 6:54 a.m.11 views

Information Exposure

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Information Exposure via the web server which runs without authentication by default when started with glances -w. An attacker can access sensitive system information, includin...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 2:49 p.m.11 views

Malicious Package

Overview n8n-nodes-csv-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/13 10:37 a.m.11 views

Malicious Package

Overview hardhat2-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/12 8:41 p.m.11 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

8.7CVSS5.9AI score0.00777EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 7:56 p.m.11 views

HTTP Request Smuggling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to HTTP Request Smuggling in the processHeader while handling HTTP/1.1 requests containing duplicate Content-Length headers with differing casing. An attacker can bypass...

9.8CVSS5.8AI score0.00493EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.11 views

Malicious Package

Overview transform-minify-booleans is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavio...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.11 views

Malicious Package

Overview add-react-displayname is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior Th...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:15 p.m.11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS5.8AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:8 p.m.11 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:18 a.m.11 views

Malicious Package

Overview praxis-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:2 p.m.11 views

Out-of-bounds Read

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:42 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:39 p.m.11 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 7:52 p.m.11 views

Use of GET Request Method With Sensitive Query Strings

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the process that appends authentication material to the browser URL query string and persists it in browser localStorage. An...

8.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview web3-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Total number of security vulnerabilities5000