Lucene search
K
SnykMost viewed

35355 matches found

Snyk
Snyk
added 2026/03/25 9:10 p.m.10 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization in the authentication process. An attacker can maintain unauthorized access to resources by using valid API tokens, CalDAV credentials, or OpenID Connect authentication even after the account has been disabled or...

8.1CVSS5.8AI score0.00453EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/25 9:3 p.m.10 views

Uncontrolled Recursion

Overview smol-toml is an A small, fast, and correct TOML parser/serializer Affected versions of this package are vulnerable to Uncontrolled Recursion. An attacker can cause the application to crash by submitting TOML documents containing thousands of consecutive commented lines, which triggers...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/03/25 6:45 p.m.10 views

Command Injection

Overview textract is an Extracting text from files of various type including html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf, text/, and various open office. Affected versions of this package are vulnerable to Command Injection via the filePath parameter in multiple extractors. An...

9.8CVSS6.1AI score0.02421EPSS
Exploits4References2
Snyk
Snyk
added 2026/03/25 3:3 p.m.10 views

Malicious Package

Overview allergan is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/24 10:27 p.m.10 views

User Impersonation

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to User Impersonation through the createOrRestoreSession function in the MQTT session manager. ...

8.3CVSS5.9AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/24 12:48 p.m.10 views

Malicious Package

Overview agoda-test-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/24 2:33 a.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pathfor function in DiskService. An attacker can read, write, or delete arbitrary files on the server by supplying blob keys containing path traversal sequences like ../. Note: In most cases, blob keys are...

9.8CVSS6.4AI score0.00567EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/23 10:34 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the gstwavparseadtlchunk function. An attacker can cause an out-of-bounds read by crafting input where the lsize value is odd, leading the parser to advance more bytes than validated due to improper handling of siz...

7.5CVSS5.9AI score0.00225EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/23 10:0 p.m.10 views

Malicious Package

Overview coinbase-desktop-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/03/19 12:41 a.m.10 views

Resources Downloaded over Insecure Protocol

Overview Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol through the dependency resolution of openapi-to-java-records-mustache-templates artifact that if compromised may include arbitrary .mustache files. An attacker can introduce and distribute...

3.4CVSS6AI score0.00321EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/18 12:14 a.m.10 views

Malicious Package

Overview @0xengine/meow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/17 5:12 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/17 2:7 p.m.10 views

Uncontrolled Recursion

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Uncontrolled Recursion in the construction, when parsing deeply nested HTML structures. An attacker can cause the application to terminate unexpectedly or fail requests by...

7.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/17 12:46 p.m.10 views

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:41 p.m.10 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the RIFF parser when handling palette data in AVI files. An attacker can execute arbitrary code by convincing a user to open a specially crafted AVI file with an application linked against the affected...

8.4CVSS7.5AI score0.00867EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/13 8:39 p.m.10 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the H.266 video bitstream parser. An attacker can achieve process crash or arbitrary code execution by enticing a user to open specially crafted H.266 media content with an application that processes...

8.4CVSS7.7AI score0.00425EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/13 6:55 p.m.10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...

8.1CVSS6.3AI score0.00521EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 4:45 p.m.10 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 server key agreement group selection when the server configuration includes the 'DEFAULT' keyword. An attacker can influence the negotiation to u...

6.5CVSS5.9AI score0.00435EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 3:47 p.m.10 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through the configWrites authorization. An attacker can modify protected configuration data of sibling accounts by issuing channel commands that target accounts with...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 10:39 p.m.10 views

Stack-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 10:39 p.m.10 views

Stack-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.7CVSS5.8AI score0.00096EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 4:23 p.m.10 views

Malicious Package

Overview urql-introspection is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.10 views

Malicious Package

Overview transform-function-bind is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 4:23 p.m.10 views

Malicious Package

Overview transform-dynamic-import is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:16 p.m.10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7CVSS5.9AI score0.00099EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:9 p.m.10 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the MSL decoder. An attacker can cause the application to access freed memory by submitting a malicious MSL file. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit...

7.5CVSS5.8AI score0.00243EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:9 p.m.10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.2CVSS5.8AI score0.00113EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:8 p.m.10 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/12 2:18 a.m.10 views

Malicious Package

Overview unibody is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/03/11 11:0 p.m.10 views

Prototype Pollution

Overview graphql-upload-minimal is a Minimalistic and developer friendly middleware and an Upload scalar to add support for GraphQL multipart requests file uploads via queries and mutations to various Node.js GraphQL servers. Affected versions of this package are vulnerable to Prototype Pollution...

9.3CVSS7.5AI score
Exploits0References2
Snyk
Snyk
added 2026/03/11 10:40 p.m.10 views

Improper Encoding or Escaping of Output

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/10 11:57 p.m.10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF WMV/WMA parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload. Remediation Upgrade...

6.9CVSS5.8AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 11:44 p.m.10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DistSpecAuthzHandler process. An attacker can overwrite an existing latest tag without the required update permission by exploiting the authorization logic that incorrectly treats overwrite attempts as...

8.3CVSS5.8AI score0.00212EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/10 9:5 p.m.10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS5.9AI score0.00093EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:5 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 9:5 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:42 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:42 p.m.10 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write or read, in ReadDIBImage and WriteDIBImage in the DIB coder, due to an integer overflow. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Red Hat Bugzilla Bug...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.10 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/09 9:38 p.m.10 views

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview sap-activate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview @bytedanc/mona-max is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview prajwalkewat-test-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview testinbro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview vue-cli-plugin-changelog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview netflixdesign is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview network-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview sap-catname is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview mhnumjp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/03/06 7:14 a.m.10 views

Malicious Package

Overview gbc-viewer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Total number of security vulnerabilities5000