Lucene search
K
SnykMost viewed

35353 matches found

Snyk
Snyk
added 2026/06/08 7:2 p.m.9 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to the lack of an enforced maximum header size limit in the default configuration of the Http3ConnectionHandler. An attacker can exhaust server memory and cause application crashes by...

8.7CVSS5.5AI score0.00279EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:2 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the decodeLength function. An attacker can exhaust the server's direct memory pool by sending continuous streams of digits without a terminating \r\n across multiple concurren...

8.7CVSS5.5AI score0.0038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:1 p.m.9 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS in the RedisArrayAggregator function. An attacker can exhaust system memory by sending specially crafted Redis payloads containing deeply nested arrays, resulting in allocation of excessive state objects and...

8.7CVSS5.5AI score0.0038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 7:0 p.m.9 views

Incorrect Comparison

Overview io.netty:netty-handler is a library that provides an asynchronous event-driven network application framework and tools for rapid development of maintainable high performance and high scalability protocol servers and clients. In other words, Netty is a NIO client server framework which...

9.2CVSS5.5AI score0.00573EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 2:15 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the denied function. An attacker can access arbitrary files on the server by supplying crafted input to the filename argument. Details A Directory Traversal attack also known as path traversal aims to access file...

6.5CVSS7.2AI score0.00301EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Incorrect Authorization

Amendment This was deemed not a vulnerability. Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the partialImport feature. An...

8.6CVSS6AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS5.5AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Incorrect Implementation of Authentication Algorithm

Overview org.springframework.ldap:spring-ldap-core is a maven plugin for LDAP for Sping. Affected versions of this package are vulnerable to Incorrect Implementation of Authentication Algorithm via LDAP authentication handling in DirContextAuthenticationStrategy implementations. An attacker can...

8.9CVSS5.5AI score0.00257EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview org.springframework:spring-core is a core package within the spring-framework that contains multiple classes and utilities. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via caching of parsed Spring Expression Language SpEL...

8.2CVSS5.5AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via evaluation of user-controlled Spring Expression Language SpEL expressions. An attacker can cause denial of service by supplying specially crafted SpEL expressions that trigger excessive CPU or memo...

8.7CVSS5.4AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Session Fixation

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5CVSS5.3AI score0.00197EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Directory Traversal

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS6.3AI score0.00341EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via Spring Expression Language SpEL method invocation handling. An attacker can invoke arbitrary zero-argument methods by supplying crafted SpEL expressions, even in contexts intended to restrict...

6.9CVSS5.7AI score0.00164EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Missing Release of Memory after Effective Lifetime

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Missing Release of Memory after Effective...

8.2CVSS5.5AI score0.00247EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview embiggen is a graph machine learning submodule of the 🍇 GRAPE library. Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that ha...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/06 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 9:43 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the event lookup process. An attacker can access unauthorized event data by providing a valid event UUID belonging to another project. Note: Thi...

3.1CVSS5.5AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 9:15 p.m.9 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 8:7 p.m.9 views

Malicious Package

Overview cookie-parser-legacy is a malicious package. This package contains malicious code that uses another malicious package moustick Snyk Advisory as a dependency to fetch a remote payload from attacker-controlled URL https://www.jsonkeeper.com/b/MYUKZ. The payload is designed to extract...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 4:46 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SquashFS ReadBlock function. An attacker can cause disclosure of heap memory contents by providing a specially crafted SquashFS archive with a manipulated node.Offset value, which bypasses fragment bounds check...

8.1CVSS5.4AI score0.00324EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/05 4:22 p.m.9 views

Authorization Bypass Through User-Controlled Key

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the readAttachment tool. An attacker can access files in the shared storage belonging to other users by supplying a known attachment path and a valid MCP token...

3.5CVSS5.3AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/05 2:1 p.m.9 views

Malicious Package

Overview react-ui-polyfills is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/05 10:17 a.m.9 views

Arbitrary Argument Injection

Overview ansible-core is an a radically simple IT automation system. It handles configuration management, application deployment, cloud provisioning, ad-hoc task execution, network automation, and multi-node orchestration. Ansible makes complex changes like zero-downtime rolling updates with load...

8.4CVSS6.5AI score0.00156EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 9:0 p.m.9 views

Arbitrary Command Injection

Overview stata-mcp is a Let LLM help you achieve your regression analysis with Stata Affected versions of this package are vulnerable to Arbitrary Command Injection via the logfilename parameter in the Stata command wrapper. An attacker can execute arbitrary commands and write files outside the...

9.8CVSS6.1AI score0.00629EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:46 p.m.9 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection via the CSV Presenter export. An attacker can execute arbitrary spreadsheet formulas by registering with crafted input values, which are then exported and opened by an administrator in spreadsheet software. This can result...

7.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:17 p.m.9 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the replace-resolve path. An attacker can execute arbitrary code by submitting specially crafted serialized data that bypasses class registration, TypeChecker, and DisallowedList checks, leading to t...

9.3CVSS5.9AI score0.0052EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 2:38 p.m.9 views

Uncontrolled Recursion

Overview strawberry-graphql is an A library for creating GraphQL APIs Affected versions of this package are vulnerable to Uncontrolled Recursion in the determinedepth function when processing GraphQL queries containing circular fragment references. An attacker can exhaust server CPU resources and...

6.9CVSS5.5AI score0.00296EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 2:25 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the GraphQL API Endpoint that lacks depth limiting and complexity analysis for SQL queries. An attacker can cause excessive resource consumption by sending specially crafted reques...

5.3CVSS5.5AI score0.0031EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 2:24 p.m.9 views

Regular Expression Denial of Service (ReDoS)

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the read function when attacker-controlled input is used as the cookie name parameter, which is interpolated...

7.5CVSS5.5AI score0.00622EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 2:19 p.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the setProxy function. An attacker can obtain proxy credentials by inducing a redirect from an HTTP...

8.2CVSS5.4AI score0.00664EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/04 12:25 p.m.9 views

Use of Weak Hash

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Use of Weak Hash in the Template.savepilimage function in swift/template/base.py. An attacker can exploit a weakness in cache key integrity to tamper with the...

4.8CVSS5.5AI score0.00075EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/04 6:15 a.m.9 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free due to missing handler call depth tracking in the processing of XMLGetBuffer, XMLParse, XMLParseBuffer, XMLParserFree, or XMLParserReset from within handlers when a policy violation occurs. An attacker can cause memory...

5.9CVSS6AI score0.00218EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:15 p.m.9 views

External Control of File Name or Path

Overview docling-core is an A python library to define and validate data types in Docling. Affected versions of this package are vulnerable to External Control of File Name or Path in the pilimage function, when handling image reference URIs. An attacker can access local files using the file://...

8.1CVSS5.5AI score0.0004EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview midcorp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview node-background-invoker-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview stackus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview chai-val is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview chai-as-belonged is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview chai-as-launched is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 9:0 p.m.9 views

Malicious Package

Overview react-cleaner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/03 3:6 p.m.9 views

Permissive Regular Expression

Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the use of re.match to verify alloworiginpat values. This allows an attacker to bypass intended CORS restrictions and gain unauthorized access to sensitive API responses. Code execution is possible by...

8.8CVSS6.5AI score0.00197EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/03 2:29 p.m.9 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...

6.9CVSS5.5AI score0.00492EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 8:24 a.m.9 views

Improper Output Neutralization for Logs

Overview morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log stream without...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 2:7 a.m.9 views

Improper Resource Shutdown or Release

Overview dask is a Parallel PyData with Task Scheduling Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the computehllarray function in the HLL Handler component. An attacker can cause excessive resource consumption by remotely invoking this...

3.1CVSS5.3AI score0.00287EPSS
Exploits0References2
Total number of security vulnerabilities5000