Lucene search
K
SnykMost viewed

35122 matches found

Snyk
Snyk
added 2025/09/06 7:42 p.m.10 views

Directory Traversal

Overview internetarchive is an A Python interface to archive.org. Affected versions of this package are vulnerable to Directory Traversal via the download function in the file.py file, which does not properly sanitize user-supplied filenames or validate the final download path. An attacker can...

9.6CVSS7.7AI score0.01402EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-jdk16 is a Bouncy Castle Crypto package that is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6. Affected versions of this package are vulnerable to Allocatio...

6.3CVSS6.8AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/14 6:44 p.m.10 views

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero via the startinputtga function in rdtarga.c. An attacker can cause a denial of service by sending an image with a zero width or height, resulting in a SIGFPE. Remediation A fix was pushed into the master branch but not...

8.7CVSS6.8AI score0.00392EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/14 1:44 p.m.10 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the storeMedia function...

5.4CVSS5.4AI score0.00356EPSS
Exploits2References2
Snyk
Snyk
added 2025/03/24 10:0 p.m.10 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code...

8.3CVSS7.6AI score0.08404EPSS
Exploits6References2
Snyk
Snyk
added 2022/08/05 8:9 a.m.10 views

Malicious Package

Overview gcore-cdn-stats is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package w...

9.8CVSS7.1AI score
Exploits0References3
Snyk
Snyk
added 2022/06/23 9:25 a.m.10 views

Malicious Package

Overview contentsource-connector is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7AI score
Exploits0References3
Snyk
Snyk
added 2022/06/13 11:15 a.m.10 views

Improper Verification of Cryptographic Signature

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid ...

9.8CVSS7AI score0.01096EPSS
Exploits1References2
Snyk
Snyk
added 2021/05/24 7:53 p.m.10 views

Malicious Package

Overview testerdexa is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2021/05/24 7:53 p.m.10 views

Malicious Package

Overview string-utils-assistant is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2020/11/17 1:2 p.m.10 views

Code Injection

Overview Affected versions of this package are vulnerable to Code Injection due the improper validation of options.variable key names in .template. An attacker can execute arbitrary code at template compilation time by injecting malicious expressions. If Object.prototype has been polluted,...

7.2CVSS7.2AI score0.2241EPSS
Exploits3References2
Snyk
Snyk
added 2020/08/17 2:29 p.m.10 views

Prototype Pollution

Overview worksmith is an A purely functional workflow engine Affected versions of this package are vulnerable to Prototype Pollution via the setValue function. POC const worksmith = require'worksmith'; worksmith.setValue, 'proto.polluted', true; console.logpolluted; // true Details Prototype...

9.8CVSS9AI score0.01916EPSS
Exploits1References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.10 views

Malicious Package

Overview spider-bot is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using spider-bot...

8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.10 views

Malicious Package

Overview batchrails is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using batchrails...

8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2020/04/17 12:0 a.m.10 views

Malicious Package

Overview active-model-permalink is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...

8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 2:55 p.m.9 views

Malicious Package

Overview tailwind-animates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/30 11:20 p.m.9 views

Uncontrolled Search Path Element

Overview app-builder-bin is an app-builder precompiled binaries Affected versions of this package are vulnerable to Uncontrolled Search Path Element through the execWine/executeAppBuilder command path in builder-util and app-builder-lib on non-Windows systems. An attacker can execute...

7.8CVSS6.3AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 5:25 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the LookupOrg handler in the /api/orgs/lookup endpoint when unauthenticated requests are made. An attacker can cause repeated NULL pointer dereferences, resulting in excessive log entries and increased disk...

6.9CVSS6AI score0.00362EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/30 3:59 p.m.9 views

Malicious Package

Overview chai-as-persisted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/30 3:13 p.m.9 views

Malicious Package

Overview setup-cicd is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/30 12:21 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the OpenWire process. An attacker can exhaust system memory by repeatedly sending BrokerInf...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:23 p.m.9 views

Improper Authorization

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.9 views

Malicious Package

Overview @webda-features/dashboard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.9 views

Malicious Package

Overview @e50/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:53 p.m.9 views

Malicious Package

Overview @meego-progressive/cdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:44 p.m.9 views

Malicious Package

Overview rc-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:44 p.m.9 views

Malicious Package

Overview @grappi/automations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:44 p.m.9 views

Malicious Package

Overview @mcconnect/mcc-common-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.9 views

Malicious Package

Overview react-pinojs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 10:49 a.m.9 views

Malicious Package

Overview vkzmn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/27 12:2 a.m.9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-installer is a Fast, disk space efficient installation engine Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/26 10:49 p.m.9 views

Incorrect Comparison

Overview js-toml is an A TOML parser for JavaScript/TypeScript, targeting TOML 1.0.0 Spec Affected versions of this package are vulnerable to Incorrect Comparison via the load process. An attacker can manipulate configuration values by supplying specially crafted TOML input that uses duplicate ke...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 12:18 p.m.9 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the rpcreadfromsocket process in lib/socket.c during a connection to a crafted NFS server, when the expected PDU size exceeds the absolute PDU size from the xid/record-marker. An attacker can caus...

7.6CVSS5.8AI score0.00195EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 12:16 p.m.9 views

Malicious Package

Overview react-icon-svgs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:16 a.m.9 views

Malicious Package

Overview ai-node-relay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:55 a.m.9 views

Malicious Package

Overview wao is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:11 a.m.9 views

Malicious Package

Overview pump-stream-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:10 a.m.9 views

Malicious Package

Overview ttal2ttml is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 3:10 a.m.9 views

Malicious Package

Overview ref-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:43 p.m.9 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the unauthenticated router-key and mcp-init-host paths. An attacker can gain unauthorized access or bypass authentication controls by sending crafted requests to these endpoints. Remediation Upgrade...

9.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 5:46 a.m.9 views

Malicious Package

Overview ccl-component-resources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:23 a.m.9 views

Malicious Package

Overview rapidsearch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 1:36 a.m.9 views

Malicious Package

Overview aes-decode-runner-pro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 1:17 a.m.9 views

Malicious Package

Overview markdownlint-cli2-fix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:32 p.m.9 views

Malicious Package

Overview server-parket is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.9 views

Malicious Package

Overview new-mjs-eslint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:22 a.m.9 views

Malicious Package

Overview ts-wross is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.9 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ensurepip.runpip function. An attacker can execute arbitrary code by crafting malicious pickle files...

9CVSS6.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 9:0 p.m.9 views

Malicious Package

Overview apintergrationpost is a malicious package. This package conceals a Linux remote access trojan RAT called MYRA. The package's documentation claims it is designed for "authorized red team exercises and EDR validation." Regardless of the publisher's intent, it should be treated as malicious...

9.8CVSS6AI score
Exploits0References2
Total number of security vulnerabilities5000