Lucene search
K
SnykMost viewed

35355 matches found

Snyk
Snyk
•added 2026/05/22 5:32 a.m.•10 views

Uncaught Exception

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Uncaught Exception in the CertChecker component when used as a public key callback without setting IsUserAuthority or IsHostAuthority. An attacker can cause the server to panic by...

8.7CVSS5.8AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:32 a.m.•10 views

Integer Overflow or Wraparound

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

9.1CVSS5.8AI score0.00466EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:32 a.m.•10 views

Integer Overflow or Wraparound

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the payload size calculation within the Write process. An attacker can cause the process to enter an infinite loop and exhaust system resources by...

9.1CVSS5.8AI score0.00466EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:32 a.m.•10 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:29 a.m.•10 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 5:29 a.m.•10 views

Incorrect Type Conversion or Cast

Overview Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to the improper handling of crafted input data in the ed25519.PrivateKey component. An attacker can cause the client to panic by supplying malformed wire bytes. Remediation Upgrade...

8.7CVSS5.8AI score0.00313EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:43 a.m.•10 views

Malicious Package

Overview compliance-check-runner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:43 a.m.•10 views

Malicious Package

Overview deploy-guard-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/22 2:42 a.m.•10 views

Malicious Package

Overview solidity-deploy-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:43 p.m.•10 views

Division by zero

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/21 9:42 p.m.•10 views

Off-by-one Error

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:42 p.m.•10 views

Off-by-one Error

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:40 p.m.•10 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...

7.8CVSS5.7AI score0.00221EPSS
Exploits1References2
Snyk
Snyk
•added 2026/05/21 9:38 p.m.•10 views

Missing Release of Memory after Effective Lifetime

Overview @libp2p/gossipsub is an A typescript implementation of gossipsub Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the topics data structure when processing subscription requests. An attacker can exhaust...

8.7CVSS5.8AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 9:23 p.m.•10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the IntlExtension process. An attacker can cause excessive memory consumption by supplying a large number of unique arguments to the formatdatetime, formatdate, formattime,...

6.9CVSS5.8AI score0.00056EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 5:42 p.m.•10 views

Cleartext Storage of Sensitive Information

Overview sagemaker-serve is a SageMaker Serve package for model serving and deployment Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...

9.1CVSS6.2AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 11:46 a.m.•10 views

Directory Traversal

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Directory Traversal in the integration action URL process. An attacker can execute arbitrary API calls with system administrator privileges by...

9.9CVSS6.4AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 11:46 a.m.•10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the integration action URL process. An attacker can execute arbitrary API calls with system administrator privileges by exploiting path traversal in the integration action URL when authenticated with a...

9.9CVSS6.4AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/21 7:35 a.m.•10 views

Access Control Bypass

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoin...

7.1CVSS6.7AI score0.00441EPSS
Exploits1References2
Snyk
Snyk
•added 2026/05/20 4:3 p.m.•10 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the daemon file handling. An attacker can create or overwrite arbitrary files by replacing parent directory components with symbolic links during the window between validation and use...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:45 p.m.•10 views

Weak Password Recovery Mechanism for Forgotten Password

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the updatePassword function. An attacker can enumerate valid user accounts and forcibly chan...

8.8CVSS5.8AI score0.00241EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:37 p.m.•10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the authorization process in UserDeactivateView, UserActivateView, and delete in wger/core/views/user.py due to improper gym-scope checks when both the attacker and victim have gym=None. An attacker with the...

9CVSS5.5AI score
Exploits0References3
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via recipient handling in SendmailTransport when using sendmail -t mode. An attacker can inject arbitrary sendmail command-line options by supplying a recipient address beginning with -, as recipient address...

9.2CVSS5.9AI score0.00062EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Incorrect Authorization

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to...

8.6CVSS5.8AI score0.00052EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Arbitrary Code Execution

Overview modelscope is a ModelScope: bring the notion of Model-as-a-Service to life. Affected versions of this package are vulnerable to Arbitrary Code Execution from the pipeline interface. There, a user can supply a malicious model that loads arbitrary modules via an acoustic-echo-cancellation...

8.8CVSS5.7AI score0.00529EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score0.00026EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Missing Authentication for Critical Function

Overview symfony/lox24-notifier is a Symfony LOX24 Notifier Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parsers in the Mailjet maile bridge and LOX24 SMS notifier bridge. An attacker can submit forged...

6.9CVSS5.8AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

Interpretation Conflict

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Interpretation Conflict via URL parsing and policy enforcement in UrlSanitizer/UrlAttributeSanitizer...

5.4CVSS5.8AI score0.00048EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

User Interface (UI) Misrepresentation of Critical Information

Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via UrlSanitizer::parse in the...

7.1CVSS5.8AI score0.00069EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:35 p.m.•10 views

SQL Injection

Overview symfony/cache is a cache component provides an extended PSR-6 implementation for adding cache to your applications. Affected versions of this package are vulnerable to SQL Injection via PdoAdapter::doClear method. An attacker can influence SQL query to expand deletion scope or perform...

8.4CVSS6AI score0.00062EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:31 p.m.•10 views

Command Injection

Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Command Injection via the process that resolves PHP version from repository-controlled files such as .php-version, composer.lock, or composer.json and incorporates the value into the...

6.3CVSS6.2AI score0.01576EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/20 9:41 a.m.•10 views

Allocation of Resources Without Limits or Throttling

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via untrusted Twig template evaluation within the sandbox. An attacker can cause denial of service by supplying...

8.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/20 3:42 a.m.•10 views

Authentication Bypass by Alternate Name

Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name via the hostname-based access control list enforcement process when configured with chroot. An attacker can gain unauthorized access by manipulating the PTR record for their source IP address,...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 8:9 p.m.•10 views

Server-side Request Forgery (SSRF)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in SearXNG search proxy via unvalidated baseUrl. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive th...

8.5CVSS5.8AI score0.00866EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 7:56 p.m.•10 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling while processing PDF files. An attacker can cause the server to crash or become unresponsive by uploading a specially crafted PDF file that triggers memory exhaustion or an endless...

6CVSS5.8AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 7:54 p.m.•10 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...

8.7CVSS5.8AI score0.00055EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 4:25 p.m.•10 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via image404Raw.php. An attacker can access arbitrary image files, including those protected by access controls, by supplying crafted path...

6.9CVSS5.9AI score0.00455EPSS
Exploits1References3
Snyk
Snyk
•added 2026/05/19 3:54 p.m.•10 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 2:44 p.m.•10 views

Server-side Request Forgery (SSRF)

Overview @haxtheweb/open-apis is a Shared API infrastructure for HAXTheWeb advanced capabilities like importing, parsing, analysis, migration Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via improper hostname validation in the cacheAddress, JOSHelpers, and...

8.7CVSS5.4AI score0.00457EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 11:54 a.m.•10 views

Origin Validation Error

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Origin Validation Error in the /ajax-api endpoints. An attacker ca...

9.6CVSS7.6AI score0.00371EPSS
Exploits1References2
Snyk
Snyk
•added 2026/05/19 11:32 a.m.•10 views

Malicious Package

Overview chai-as-vec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/19 10:51 a.m.•10 views

User Impersonation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to User Impersonation through the SessionCodeChecks logic in SessionCodeChecks.java. An attacker can reuse an...

7.7CVSS5.8AI score0.00418EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 10:43 a.m.•10 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the generateAccessToken path in...

6.9CVSS5.9AI score0.00398EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/19 1:45 a.m.•10 views

Missing Authorization

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Missing Authorization in the export process. An attacker can gain access to the structure of forms they are no...

5.1CVSS5.8AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/18 11:48 p.m.•10 views

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getorcreatenfstmpdir and createmodeldownloadingtmpdir functions. An attacker can modify model artifacts by exploiting these permissions, potentially leading to arbitrary code...

7.8CVSS7.6AI score0.00215EPSS
Exploits2References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/18 9:0 p.m.•10 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
Total number of security vulnerabilities5000