Lucene search
K
SnykMost viewed

35345 matches found

Snyk
Snyk
added 2026/06/10 6:43 a.m.9 views

Malicious Package

Overview xnder-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Incorrect Authorization

Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Incorrect Authorization via annotation resolution for @Controller data fetchers in Spring GraphQL. An attacker can bypass authorization checks when...

8.3CVSS5.3AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...

6.3CVSS5.4AI score0.00223EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the Spring Security integration paths in SpringSecurityUtils.checkUserValidity, SpringSecurityPasswordValidationCallbackHandler, and X509AuthenticationProvider, which surface account status exceptions such as...

6.9CVSS5.4AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 12:0 a.m.9 views

Insecure Defaults

Overview Affected versions of this package are vulnerable to Insecure Defaults due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java initializing its bspCompliant flag to false, so inbound validation always calls RequestData.setDisableBSPEnforcementtrue and disables WSS4J's...

8.8CVSS5.4AI score0.00229EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 8:31 p.m.9 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands id and enable. An attacker can inject arbitrary IMAP commands by supplying specially crafted input containing CRLF sequences as arguments. This may allo...

5.9CVSS6.2AI score0.00131EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the QUIC stack, when flooded with PATHCHALLENGE frames. A malicious remote peer can exhaust heap memory and terminate a QUIC client or server. Remediation Upgrade openssl to versio...

8.7CVSS7.1AI score0.00511EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.9 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 provider cipher implementations. An attacker can forge an empty message with arbitrary AAD under a key they do not know, because the expected tag is computed on...

8.2CVSS7.2AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.9 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in OSSLCRMFENCRYPTEDVALUEdecrypt. An attacker in a MitM position can return a CRMF CertRepMessage whose EncryptedValue carries a symmAlg field with an algorithm OID but no parameters, dereferencing NULL when the...

8.2CVSS7.1AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:5 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 5:4 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper link resolution before file access. An attacker can modify local files by exploiting symbolic links to redirect file operations to unintended locations. Remediation Upgrade Microsoft.NetCore.App.Runtime.win-x...

6.9CVSS5.3AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 4:48 p.m.9 views

Malicious Package

Overview comos-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 10:23 a.m.9 views

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload through the image decoding process. An attacker can cause the server process to crash by uploading a specially crafted TIFF file that triggers excessive memory allocation. Remediation Upgrade...

7.1CVSS5.4AI score0.00479EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 12:0 a.m.9 views

Deserialization of Untrusted Data

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of credential data stored in JdbcAssertingPartyMetadataRepositor...

7.3CVSS6.1AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 11:2 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded nesting of composite buffers in the SCTP message reassembly process. An attacker can exhaust system memory and cause a denial of service by sending a large number of...

8.7CVSS5.7AI score0.0038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 11:2 p.m.9 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to missing validation of the origin of CNAME records in DNS responses within the DnsResolveContext function. An attacker can inject unauthorized DNS records by supplying malicious DNS...

10CVSS5.5AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 11:2 p.m.9 views

Generation of Predictable Numbers or Identifiers

Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers due to the use of a predictable pseudo-random number generator for DNS transaction IDs and a default static UDP source port in the DNS resolution process. An attacker can redirect network...

6.9CVSS5.5AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:2 p.m.9 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the lack of an enforced maximum header size limit in the default configuration of the Http3ConnectionHandler. An attacker can exhaust server memory and cause application crashes by...

8.7CVSS5.5AI score0.00279EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:2 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the decodeLength function. An attacker can exhaust the server's direct memory pool by sending continuous streams of digits without a terminating \r\n across multiple concurren...

8.7CVSS5.5AI score0.0038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:1 p.m.9 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...

8.7CVSS5.5AI score0.0038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:0 p.m.9 views

Incorrect Comparison

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

9.2CVSS5.5AI score0.00573EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 2:15 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the denied function. An attacker can access arbitrary files on the server by supplying crafted input to the filename argument. Details A Directory Traversal attack also known as path traversal aims to access file...

6.5CVSS7.2AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Incorrect Authorization

Amendment This was deemed not a vulnerability. Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the partialImport feature. An...

8.6CVSS6AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS5.5AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Incorrect Implementation of Authentication Algorithm

Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Sping. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...

8.9CVSS5.5AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

8.2CVSS5.5AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via evaluation of user-controlled Spring Expression Language SpEL expressions. An attacker can cause denial of service by supplying specially crafted SpEL expressions that trigger excessive CPU or memo...

8.7CVSS5.4AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5CVSS5.3AI score0.00197EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Directory Traversal

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS6.3AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via Spring Expression Language SpEL method invocation handling. An attacker can invoke arbitrary zero-argument methods by supplying crafted SpEL expressions, even in contexts intended to restrict...

6.9CVSS5.7AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Missing Release of Memory after Effective Lifetime

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Missing Release of Memory after Effective...

8.2CVSS5.5AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview embiggen is a graph machine learning submodule of the 🍇 GRAPE library. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that ha...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 9:43 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the event lookup process. An attacker can access unauthorized event data by providing a valid event UUID belonging to another project. Note: Thi...

3.1CVSS5.5AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 9:15 p.m.9 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 8:7 p.m.9 views

Malicious Package

Overview cookie-parser-legacy is a malicious package. This package contains malicious code that uses another malicious package moustick Snyk Advisory as a dependency to fetch a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ. The payload is designed to extract...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:46 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SquashFS ReadBlock function. An attacker can cause disclosure of heap memory contents by providing a specially crafted SquashFS archive with a manipulated node.Offset value, which bypasses fragment bounds check...

8.1CVSS5.4AI score0.00324EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/05 2:1 p.m.9 views

Malicious Package

Overview react-ui-polyfills is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 10:17 a.m.9 views

Arbitrary Argument Injection

Overview ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load...

8.4CVSS6.5AI score0.00156EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 9:0 p.m.9 views

Arbitrary Command Injection

Overview stata-mcp is a Let LLM help you achieve your regression analysis with Stata Affected versions of this package are vulnerable to Arbitrary Command Injection via the logfilename parameter in the Stata command wrapper. An attacker can execute arbitrary commands and write files outside the...

9.8CVSS6.1AI score0.00629EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:46 p.m.9 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the CSV Presenter export. An attacker can execute arbitrary spreadsheet formulas by registering with crafted input values, which are then exported and opened by an administrator in spreadsheet software. This can result...

7.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:17 p.m.9 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the replace-resolve path. An attacker can execute arbitrary code by submitting specially crafted serialized data that bypasses class registration, TypeChecker, and DisallowedList checks, leading to t...

9.3CVSS5.9AI score0.0052EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 2:38 p.m.9 views

Uncontrolled Recursion

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Uncontrolled Recursion in the determinedepth function when processing GraphQL queries containing circular fragment references. An attacker can exhaust server CPU resources and...

6.9CVSS5.5AI score0.00296EPSS
Exploits1References2
Total number of security vulnerabilities5000