Lucene search
K
SnykMost viewed

35508 matches found

Snyk
Snyk
added 2026/03/27 6:21 p.m.11 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the resolvePartial and invokePartial functions. An attacker can execute arbitrary code on the server by...

9.2CVSS6.2AI score0.00703EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/27 5:31 p.m.11 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. Remediation There is n...

7.1CVSS5.9AI score0.00244EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 3:7 a.m.11 views

Malicious Package

Overview testtestsharp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:4 p.m.11 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypas...

8.7CVSS5.9AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 6:34 p.m.11 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read through the NEON palette expansion functions in arm/paletteneonintrinsics.c. An attacker can corrupt memory or crash the application by supplying a PNG row whose width is not a multiple of the NEON chunk size. Notes -...

8.6CVSS6.1AI score0.00585EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 5:17 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.5CVSS5.9AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 12:48 p.m.11 views

Malicious Package

Overview agoda-test-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/24 6:31 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview io.undertow:undertow-core is a Java web server based on non-blocking IO. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the MultiPartParserDefinition multipart parsing process in MultiPartParserDefinition.java. An attacker can...

8.2CVSS5.9AI score0.00441EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/20 4:45 a.m.11 views

Malicious Package

Overview hiagenttest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/18 12:59 p.m.11 views

Server-side Request Forgery (SSRF)

Overview @aborruso/ckan-mcp-server is a MCP server for interacting with CKAN open data portals Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the baseurl parameter in the ckanpackagesearch, sparqlquery, and ckandatastoresearchsql tools. An attacker can...

6CVSS5.8AI score0.00289EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 6:54 a.m.11 views

Information Exposure

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Information Exposure via the web server which runs without authentication by default when started with glances -w. An attacker can access sensitive system information, includin...

8.7CVSS5.8AI score0.0155EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:41 a.m.11 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/17 12:46 p.m.11 views

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/16 2:49 p.m.11 views

Malicious Package

Overview n8n-nodes-csv-parse is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/13 10:37 a.m.11 views

Malicious Package

Overview hardhat2-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/12 8:41 p.m.11 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the parse function due to using a recursive revive phase to resolve circular references in deserialized JSON. An attacker can cause a stack overflow and crash the process by supplying a crafted payload with...

8.7CVSS5.9AI score0.00777EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 7:56 p.m.11 views

HTTP Request Smuggling

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to HTTP Request Smuggling in the processHeader while handling HTTP/1.1 requests containing duplicate Content-Length headers with differing casing. An attacker can bypass...

9.8CVSS5.8AI score0.00493EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.11 views

Malicious Package

Overview add-react-displayname is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior Th...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:15 p.m.11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS5.8AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:15 p.m.11 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS5.8AI score0.00108EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:8 p.m.11 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:18 a.m.11 views

Malicious Package

Overview praxis-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:5 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:2 p.m.11 views

Out-of-bounds Read

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS5.8AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:42 p.m.11 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:39 p.m.11 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.11 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 7:52 p.m.11 views

Use of GET Request Method With Sensitive Query Strings

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Use of GET Request Method With Sensitive Query Strings via the process that appends authentication material to the browser URL query string and persists it in browser localStorage. An...

8.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview web3-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-avatars is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview relay-github-root is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-autofix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-activate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-b is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview robloxbootstrapper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview prajwalkewat-test-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview gbc-viewer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 9:5 p.m.11 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the duplicateElements function. An attacker can gain unauthorized access and duplicate other users' entries by sending direct requests wit...

7.1CVSS5.8AI score0.00234EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.11 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

9.3CVSS6AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 7:12 p.m.11 views

Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:43 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6AI score0.00501EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 8:28 p.m.11 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker can inject...

6.8CVSS5.6AI score0.00377EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 6:40 p.m.11 views

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...

3.7CVSS6AI score0.002EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/16 8:59 a.m.11 views

Command Injection

Overview lu2 is a Simple and flexible UI component library based on native HTML and JavaScript Affected versions of this package are vulnerable to Command Injection due to the use of childprocess.exec function in run.js. An attacker can execute arbitrary operating system commands by supplying...

8.6CVSS6.1AI score0.02249EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/05 5:23 p.m.11 views

Improper Certificate Validation

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated betwe...

10CVSS8.4AI score0.00765EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/02 6:29 p.m.11 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState...

9.3CVSS6AI score0.00532EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/29 10:21 p.m.11 views

Prototype Pollution

Overview deephas is a package to test for existence of nested object key and optionally return that key. Affected versions of this package are vulnerable to Prototype Pollution via the add and indexer functions. An attacker can modify global object behavior and inject arbitrary properties into...

9.4CVSS6.7AI score0.00717EPSS
Exploits4References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview @volcenjine/tos-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview mindmeld-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview @metrics-service/mf-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Total number of security vulnerabilities5000