Lucene search
K
SnykMost viewed

35345 matches found

Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @car-loans/wait-task-props is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/virtual-machines is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/vpc-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-cloudberry is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/rabbitmq is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/paas-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/svp-bare-metal-servers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/search is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/ml-ai-agents-evo-claw is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @car-loans/show-car-year-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Poupanca is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.SpbTransferencias is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-clusters is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @mlspace/dtransfer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/airflow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/virtual-ip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/ml-finetuning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/svp-vm-migration is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/serverless-containers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/svp-managed-kubernetes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/pangolin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/notification-gateway is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/mlspace-access-request is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/31 9:0 p.m.•9 views

Malicious Package

Overview @car-loans/save is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 11:52 p.m.•9 views

Malicious Package

Overview @t-in-one/prefilltransformersdatatoken is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:54 p.m.•9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-trino is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:30 p.m.•9 views

Missing Authorization

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.7CVSS5.5AI score0.00075EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/29 10:29 p.m.•9 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the direct-prompt CLI. An attacker can access sensitive local...

6.9CVSS5.5AI score0.00014EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:26 p.m.•9 views

Unsafe Dependency Resolution

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

6.8CVSS6AI score0.00102EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/29 10:9 p.m.•9 views

Malicious Package

Overview hardhat-evmchain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:6 p.m.•9 views

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization in the movesave process. An attacker can gain unauthorized access to confidential files and alter their...

8.6CVSS5.8AI score0.00032EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/29 10:5 p.m.•9 views

Incorrect Authorization

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Incorrect Authorization through insufficient authorization checks in the renameFile process. An attacker can modify file names and...

7.1CVSS5.8AI score0.00029EPSS
Exploits0References3
Snyk
Snyk
•added 2026/05/29 10:4 p.m.•9 views

Malicious Package

Overview @cplace-workflow-fe/cf-workflow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:3 p.m.•9 views

Malicious Package

Overview evmchain-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•9 views

Malicious Package

Overview material-ui-plugin-cache-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•9 views

Malicious Package

Overview @breezeai-frontend/cargo-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 10:2 p.m.•9 views

Malicious Package

Overview @timelycare/common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 9:14 p.m.•9 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 9:14 p.m.•9 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through the Avro Decoder process. An attacker can exhaust CPU resources by providing a specially crafted payload with a large block-count value, causing the decoder to perform excessive iterations before propagating an...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 8:18 p.m.•9 views

Allocation of Resources Without Limits or Throttling

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DNSCache.asyncadd. Any unauthenticated host on the local link can exhaust system...

7.1CVSS5.8AI score0.00023EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 8:9 p.m.•9 views

Uncontrolled Recursion

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Uncontrolled Recursion via the DNSIncoming.decodelabelsatoffset function. An attacker can cause excessive CPU consumption and log flooding by...

7.1CVSS5.8AI score0.0002EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 7:56 p.m.•9 views

Server-side Request Forgery (SSRF)

Overview phanan/koel is a personal audio streaming service. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the processing of unvalidated enclosure URLs in podcast episode feeds. An attacker can access sensitive internal resources and exfiltrate data by...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
•added 2026/05/29 7:55 p.m.•9 views

Asymmetric Resource Consumption (Amplification)

Overview Nerdbank.MessagePack is an A modern, fast and NativeAOT-compatible MessagePack serialization library Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification in the deserialization of collection-shaped types, where the element count from MessagePa...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 7:43 p.m.•9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the parsing of maliciously crafted Git repository data, such as .pack, .idx, or loose objects. An attacker can cause the application to panic by providing a payload that excee...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/05/29 7:18 p.m.•9 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.0021EPSS
Exploits0References2
Total number of security vulnerabilities5000