Lucene search
K
SnykMost viewed

35723 matches found

Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview web3-docs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-autofix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-activate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview sap-b is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview gbc-viewer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.11 views

Malicious Package

Overview vue-cli-plugin-changelog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 9:5 p.m.11 views

Authorization Bypass Through User-Controlled Key

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the duplicateElements function. An attacker can gain unauthorized access and duplicate other users' entries by sending direct requests wit...

7.1CVSS5.8AI score0.00234EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.11 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the forgot password process. An attacker can gain unauthorized access to user accounts by manipulating the Host header to injecting custom domains into the password reset link sent to users...

9.3CVSS6AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/25 7:12 p.m.11 views

Out-of-bounds Read

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:43 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS6AI score0.00501EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 8:28 p.m.11 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in server-side rendering when attribute spreading is performed on elements. An attacker can inject...

6.8CVSS5.6AI score0.00377EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/17 6:40 p.m.11 views

Arbitrary Code Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Arbitrary Code Injection via the incorporation of untrusted Slack channel metadata into the system prompt. An attacker can execute unauthorized commands or access sensitive information by...

3.7CVSS6AI score0.002EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/16 8:59 a.m.11 views

Command Injection

Overview lu2 is a Simple and flexible UI component library based on native HTML and JavaScript Affected versions of this package are vulnerable to Command Injection due to the use of childprocess.exec function in run.js. An attacker can execute arbitrary operating system commands by supplying...

8.6CVSS6.1AI score0.02249EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/05 5:23 p.m.11 views

Improper Certificate Validation

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Certificate Validation. Go Vulnerability Report: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated betwe...

10CVSS8.4AI score0.00765EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/02 6:29 p.m.11 views

Improper Encoding or Escaping of Output

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState...

9.3CVSS6AI score0.00532EPSS
Exploits1References2
Snyk
Snyk
added 2026/01/29 10:21 p.m.11 views

Prototype Pollution

Overview deephas is a package to test for existence of nested object key and optionally return that key. Affected versions of this package are vulnerable to Prototype Pollution via the add and indexer functions. An attacker can modify global object behavior and inject arbitrary properties into...

9.4CVSS6.7AI score0.00717EPSS
Exploits4References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview mindmeld-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview @volcenjine/tos-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview api-cache-worker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview bytes-guide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview @metrics-service/mf-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/28 4:33 p.m.11 views

Malicious Package

Overview @douinfe/semi-illustrations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/01/16 4:43 p.m.11 views

Malicious Package

Overview chakra-ui-2--react-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:36 a.m.11 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...

8.2CVSS6.8AI score0.01056EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.11 views

Malicious Package

Overview onchain-commerce-template is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/16 10:32 p.m.11 views

Malicious Package

Overview semi-adimation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2025/12/06 1:4 a.m.11 views

CSV Injection

Overview json-2-csv is an A JSON to CSV and CSV to JSON converter that natively supports sub-documents and auto-generates the CSV heading. Affected versions of this package are vulnerable to CSV Injection via the preventCsvInjection option which can be bypassed. An attacker can inject formulas in...

7CVSS5.9AI score0.00166EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/05 3:47 p.m.11 views

SQL Injection

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to SQL Injection via the connector argument in the QuerySet.filter, QuerySet.exclude, QuerySet.get, and Q objects. A dictionary usin...

9.1CVSS8.1AI score0.19396EPSS
Exploits10References2
Snyk
Snyk
added 2025/10/22 7:46 p.m.11 views

Unverified Ownership

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Unverified Ownership via the JWT authentication process. An attacker can gain unauthorized access to protected resources by presenting a valid token intended for a different audience when...

9.3CVSS7.2AI score0.0035EPSS
Exploits1References2
Snyk
Snyk
added 2025/10/14 8:32 p.m.11 views

HTTP Request Smuggling

Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and...

9.9CVSS9.1AI score0.65838EPSS
Exploits5References2
Snyk
Snyk
added 2025/09/04 8:1 p.m.11 views

Information Exposure

Overview prestashop/prestashop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. Affected versions of this package are vulnerable to Information Exposure via manipulation of the idemployee and resettoken parameters on...

4.2CVSS6.6AI score0.00755EPSS
Exploits1References2
Snyk
Snyk
added 2025/08/13 12:46 p.m.11 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to incorrect stream accounting in the handling of server-sent stream resets. An attacker can cause excessive server resource consumption by rapidly opening streams and triggering resets using malformed frames o...

8.7CVSS6AI score0.0351EPSS
Exploits3References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attack...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-ext-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...

6.3CVSS6.8AI score0.00461EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/12 9:40 a.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...

6.3CVSS7AI score0.00541EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/14 1:44 p.m.11 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the storeMedia function...

5.4CVSS5.4AI score0.00356EPSS
Exploits2References2
Snyk
Snyk
added 2025/03/24 10:0 p.m.11 views

Improper Isolation or Compartmentalization

Overview CefSharp.WinForms is a the CefSharp Chromium-based browser component WinForms control. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections,...

8.3CVSS7.6AI score0.08404EPSS
Exploits6References2
Snyk
Snyk
added 2025/03/24 10:0 p.m.11 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...

8.3CVSS7.6AI score0.08404EPSS
Exploits6References2
Snyk
Snyk
added 2025/03/14 1:43 p.m.11 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the updatedajax method of the...

9.9CVSS5.8AI score0.00566EPSS
Exploits17References2
Snyk
Snyk
added 2025/03/11 7:24 p.m.11 views

Improper Authentication

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsyn...

8.3CVSS7.2AI score0.00911EPSS
Exploits1References2
Snyk
Snyk
added 2022/08/05 8:9 a.m.11 views

Malicious Package

Overview gcore-cdn-stats is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2021/12/15 1:37 p.m.11 views

Command Injection

Overview com.itextpdf:itextpdf is a software developer toolkit that allows users to integrate PDF functionalities within their applications, processes or products. Affected versions of this package are vulnerable to Command Injection. An attacker controlling the filename passed to the CompareTool...

9.8CVSS7.3AI score0.05172EPSS
Exploits1References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.11 views

Malicious Package

Overview buntopress is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using buntopress...

8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 5 days ago10 views

Directory Traversal

Overview decompress is a package that can be used for extracting archives. Affected versions of this package are vulnerable to Directory Traversal via improper validation in the safeMakeDir function and extraction path validation process. An attacker can write arbitrary files outside the intended...

8.7CVSS6.5AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added last week10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 2:25 a.m.10 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the scp process. An attacker can cause files to be placed outside the intended directory by crafting a copy operation between two remote destinations. Remediation A fix was pushed into the master branch but n...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 6:53 p.m.10 views

Malicious Package

Overview env-axios is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/04 8:18 p.m.10 views

Out-of-bounds Read

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Out-of-bounds Read through convPoolShapeInferenceopset19 in onnx/defs/nn/old.cc. An attacker can trigger the flaw by supplying a malformed convolution or pooling model that reaches the...

5.3CVSS6.2AI score0.00253EPSS
Exploits0References2
Total number of security vulnerabilities5000