Lucene search
K
SnykMost viewed

35749 matches found

Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Malicious Package

Overview endpointmap is a malicious package. This package is part of a coordinated malicious campaign that conceals a Windows binary dropper. While the package itself might not contain standalone malicious logic and masquerades as a benign micro-utility, it is part of a broader attack and should...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview @mastra/mcp-docs-server is a MCP server for accessing Mastra.ai documentation, changelogs, and news. Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minut...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. An attacker using the npm account ehindero hijacked the @mastra npm organization and, in a roughly 30–45 minute burst starting around 01:12 UTC, republished the entire @mastra catalog. The Mastra source code was...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 8:59 p.m.9 views

Improper Restriction of Names for Files and Other Resources

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Restriction of Names for Files and Other Resources via insufficient sanitization of file extensions during the file download. An attacker can cause arbitrary...

9.6CVSS6.4AI score0.00555EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 2:35 p.m.9 views

Malicious Package

Overview middleware-jwt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:15 p.m.9 views

Permissive Cross-domain Policy with Untrusted Domains

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the CORS middleware. An attacker can access sensitive information and perform unauthorized actions by sending cross-origin request...

7.1CVSS6AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 2:5 p.m.9 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the font retrieving. An attacker can cause the application to enter an infinite loop by crafting a specially...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 1:47 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the text extraction when handling form XObjects with self-references. An...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 6:9 a.m.9 views

Malicious Package

Overview simple-auth-basic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 6:9 a.m.9 views

Malicious Package

Overview fabric-graphics is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 12:36 a.m.9 views

Malicious Package

Overview flow-lending-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 12:5 a.m.9 views

Malicious Package

Overview sp-api-dev-assistant-mcp-server is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/16 12:5 a.m.9 views

Malicious Package

Overview worker-build is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:56 p.m.9 views

Malicious Package

Overview vemos-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:45 p.m.9 views

Malicious Package

Overview prettierv2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:37 p.m.9 views

Malicious Package

Overview internallibv984 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:37 p.m.9 views

Malicious Package

Overview internallibv557 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 11:34 p.m.9 views

Malicious Package

Overview ect-839201 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:37 p.m.9 views

Operation on a Resource after Expiration or Release

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the CurlAsyncHTTPClient, where per-request credentials such as client TLS...

7CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:20 p.m.9 views

Buffer Overflow

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Buffer Overflow in the Buffer API. An attacker can cause application crashes or trigger incorrect memory...

9.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during binary decoding. An attacker can cause excessive memory usage by supplying crafted protobuf binary data containing...

6.9CVSS6.1AI score0.00293EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:11 p.m.9 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the serverhostname parameter handling during HTTPS connection reuse. An attacker can bypass intended TLS SNI checks by reusing an existing connection with a different...

7.5CVSS5.3AI score0.00266EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:2 p.m.9 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the SAFEFORTEMPLATES function. An attacker can inject template expressions that survive sanitization inside element content by...

6.1CVSS5.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:1 p.m.9 views

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the INPLACE function when handling a element containing an element with an attached shadow DOM. An attacker can execute arbitrary scripts in the...

6.1CVSS5.3AI score0.00038EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:0 p.m.9 views

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the INPLACE process when attacker-controlled live DOM nodes are sanitized. An attacker can execute arbitrary scripts in the context of the...

6.1CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 7:56 p.m.9 views

Trust Boundary Violation

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation in the sanitize function when handling DOM nodes from a different same-origin realm due to improper realm-bound instanceof checks. ...

6.1CVSS6.2AI score0.00055EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 7:53 p.m.9 views

Prototype Pollution

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Prototype Pollution in the INPLACE function when sanitizing a root element that is a with event handler attributes and a descendant element whose name...

6.1CVSS6.5AI score0.00042EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:39 p.m.9 views

Incomplete Cleanup

Overview Affected versions of this package are vulnerable to Incomplete Cleanup in the diskStorage function. An attacker can exhaust disk space by repeatedly initiating and aborting multipart uploads, causing orphaned partial files to accumulate on disk. Remediation Upgrade multer to version 2.2....

7.5CVSS5.3AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:39 p.m.9 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via permissive user proxy...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:35 p.m.9 views

Missing Authorization

Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Missing Authorization in the jsonTransport message, which fails to enforce file and URL access restrictions during message normalization. An...

6.4CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:34 p.m.9 views

Improper Certificate Validation

Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Improper Certificate Validation due to the use of rejectUnauthorized: false in the internal HTTPS client, which disables TLS certificate verification during...

6CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:27 p.m.9 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
Total number of security vulnerabilities5000