Lucene search
K
SnykMost viewed

35355 matches found

Snyk
Snyk
•added 2026/03/12 2:9 p.m.•10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.2CVSS5.8AI score0.00113EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/12 2:8 p.m.•10 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.9AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/12 2:18 a.m.•10 views

Malicious Package

Overview unibody is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/11 11:0 p.m.•10 views

Prototype Pollution

Overview graphql-upload-minimal is a Minimalistic and developer friendly middleware and an Upload scalar to add support for GraphQL multipart requests file uploads via queries and mutations to various Node.js GraphQL servers. Affected versions of this package are vulnerable to Prototype Pollution...

9.3CVSS7.5AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/11 10:40 p.m.•10 views

Improper Encoding or Escaping of Output

Overview shescape is a simple shell escape library Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the escape function. An attacker can cause unintended expansion of shell arguments by supplying input containing square brackets, which may result in...

6.9CVSS5.8AI score0.00214EPSS
Exploits1References2
Snyk
Snyk
•added 2026/03/11 12:37 a.m.•10 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient authorization enforcement when modifying user group memberships. An attacker can gain higher-level privileges by assigning highly privileged roles without proper validation of their own...

8.6CVSS5.8AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/10 11:57 p.m.•10 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FileTypeParser class. This is triggered when the ASF WMV/WMA parser receives input including an ASF sub-header with a size value of 0. An attacker can interrupt service with a 55-byte payload. Remediation Upgrade...

6.9CVSS5.8AI score0.00325EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/10 11:44 p.m.•10 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the DistSpecAuthzHandler process. An attacker can overwrite an existing latest tag without the required update permission by exploiting the authorization logic that incorrectly treats overwrite attempts as...

8.3CVSS5.8AI score0.00212EPSS
Exploits1References2
Snyk
Snyk
•added 2026/03/10 9:5 p.m.•10 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS5.9AI score0.00093EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/10 9:5 p.m.•10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/10 9:5 p.m.•10 views

Out-of-bounds Write

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.6CVSS6AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/09 9:42 p.m.•10 views

Out-of-bounds Write

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/09 9:42 p.m.•10 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write or read, in ReadDIBImage and WriteDIBImage in the DIB coder, due to an integer overflow. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Red Hat Bugzilla Bug...

9.2CVSS5.8AI score0.00334EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/09 9:38 p.m.•10 views

Use After Free

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/09 9:38 p.m.•10 views

Use After Free

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

5.5CVSS5.8AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview @bytedanc/mona-max is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview prajwalkewat-test-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview testinbro is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview vue-cli-plugin-changelog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview netflixdesign is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview network-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview sap-catname is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview mhnumjp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/06 7:14 a.m.•10 views

Malicious Package

Overview gbc-viewer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/05 9:14 p.m.•10 views

Incorrect Authorization

Overview ec-cube/ec-cube is an e-commerce solution. Affected versions of this package are vulnerable to Incorrect Authorization in the admintwofactorauthset process. An attacker can gain unauthorized access to the administrative interface and perform actions such as viewing sensitive information ...

8.6CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/03/05 9:13 p.m.•10 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the loadClusterProps function in the FileConfigStore component. An attacker can exfiltrate sensitive server files by setting imq.cluster.url to an arbitrary local path e.g., file:///etc/passwd and then running...

9.8CVSS6.3AI score0.00616EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/03 9:6 p.m.•10 views

Template Injection

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Template Injection via the map filter in Twig templates when processing text fields that accept Twig input in the control panel settings or through the System Messages utility. An attacker ca...

8.6CVSS6.1AI score0.00514EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/03 12:41 a.m.•10 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the exec approval mode on macOS node-hosts when basename-only allowlist entries are configured. An attacker can execute unauthorized local binaries by creating ...

7.8CVSS6AI score0.00122EPSS
Exploits0References2
Snyk
Snyk
•added 2026/03/02 11:33 p.m.•10 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the system.run approvals. An attacker can cause execution of an unintended binary by crafting a command with a trailing-space in the executable token and...

8.8CVSS6.1AI score0.0029EPSS
Exploits0References3
Snyk
Snyk
•added 2026/03/02 9:54 p.m.•10 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the stop triggers and /models command. An attacker can disrupt active sessions and access sensitive model or authentication metadata by sending unauthorized...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/02/25 7:12 p.m.•10 views

Out-of-bounds Read

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/02/25 7:12 p.m.•10 views

Out-of-bounds Read

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.3CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/02/25 6:59 p.m.•10 views

Missing Authorization

Overview parse-dashboard is a The Parse Dashboard for Parse Server Affected versions of this package are vulnerable to Missing Authorization via the agent endpoint. An attacker can gain unauthorized access to other applications' agent endpoints and escalate privileges by modifying the app ID in t...

9.6CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
•added 2026/02/24 3:27 p.m.•10 views

Out-of-bounds Read

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.7CVSS6AI score0.00348EPSS
Exploits0References2
Snyk
Snyk
•added 2026/02/19 8:45 p.m.•10 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the applypatch tool when non-sandboxed path resolution fails to enforce workspace containment. An attacker can write or delete files outside the intended workspace...

8.8CVSS6.2AI score0.00742EPSS
Exploits0References2
Snyk
Snyk
•added 2026/02/19 3:18 p.m.•10 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details Cross-site...

5.5CVSS5.6AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
•added 2026/01/28 4:33 p.m.•10 views

Malicious Package

Overview bytes-guide is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/28 4:33 p.m.•10 views

Malicious Package

Overview @douinfe/semi-illustrations is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/28 4:33 p.m.•10 views

Malicious Package

Overview finaustt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/28 4:33 p.m.•10 views

Malicious Package

Overview api-cache-worker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/28 7:50 a.m.•10 views

Malicious Package

Overview converse-rn-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/27 7:55 p.m.•10 views

Improper Control of Dynamically-Managed Code Resources

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the AsyncFunction constructor not being properly isolated in the sandboxing function. An attacker can execute arbitrary cod...

10CVSS6.2AI score0.01122EPSS
Exploits1References3
Snyk
Snyk
•added 2026/01/23 5:8 a.m.•10 views

Arbitrary Code Injection

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Arbitrary Code Injection via the loadtoolmodulebyid function in the utils/plugin.py file. An attacker can execute arbitrary code in the context of the service account by supplying a crafted string that is not...

8.8CVSS8.6AI score0.27227EPSS
Exploits1References2
Snyk
Snyk
•added 2026/01/21 1:6 a.m.•10 views

Release of Invalid Pointer or Reference

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/21 1:6 a.m.•10 views

Release of Invalid Pointer or Reference

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.3CVSS5.6AI score
Exploits0References2
Snyk
Snyk
•added 2026/01/21 1:0 a.m.•10 views

Insufficiently Protected Credentials

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insufficiently Protected...

7.5CVSS6.1AI score0.2297EPSS
Exploits2References2
Snyk
Snyk
•added 2026/01/20 12:48 a.m.•10 views

Release of Invalid Pointer or Reference

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

9.8CVSS5.7AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
•added 2026/01/07 7:20 p.m.•10 views

Improper Validation of Specified Type of Input

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input that is passed to the handleFormData function. An attacker can gain unauthorized access to files on the underlying server by requests with unexpected...

10CVSS7.2AI score0.71647EPSS
Exploits18References2
Snyk
Snyk
•added 2025/12/16 10:32 p.m.•10 views

Malicious Package

Overview onchain-commerce-template is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2025/12/10 6:30 p.m.•10 views

Improper Resource Shutdown or Release

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the HTTP-based CLI connections. An attacker can cause the service to become unavailable by sending corrupted connection...

8.7CVSS6.8AI score0.00515EPSS
Exploits0References2
Total number of security vulnerabilities5000