Lucene search
K
SnykMost viewed

35749 matches found

Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview ai-sdk-ollama is a Vercel AI SDK Provider for Ollama using official ollama-js library Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attemp...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:11 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of file paths in getospath function within jupyterserver/services/contents/fileio.py. An attacker can gain unauthorized read and write access to files outside the intended directory by...

8.1CVSS7.1AI score0.00437EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/02 5:16 a.m.9 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation Upgrade...

5.8CVSS5AI score0.00227EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview backupsitetuff3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden218 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview ishowfeet13 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview ishowfeet3 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden228 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview @vpmdhaj/elastic-helper is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden227 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview omgyesyesyes is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview abuden215 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview @vpmdhaj/opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

9.8CVSS5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 3:43 p.m.9 views

Malicious Package

Overview xarc-webpack-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 2:12 p.m.9 views

Cross-site Scripting (XSS)

Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Cross-site Scripting XSS via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript in the context...

9.6CVSS5.8AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 2:9 p.m.9 views

Missing Authorization

Overview @vitest/browser is a Browser running for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connectin...

9.2CVSS6AI score0.01024EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 2:9 p.m.9 views

Missing Authorization

Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

9.2CVSS6AI score0.01024EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 2:7 p.m.9 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...

8.2CVSS6.2AI score0.00278EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 12:3 p.m.9 views

Malicious Package

Overview jingmeideshishi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.9 views

Improper Authorization

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Authorization due to incomplete authorization checks in the destination removal process. An attacker can...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.9 views

Improper Input Validation

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Improper Input Validation over the /api/jolokia MBeans interface. A user can execute arbitrary code on the broker's...

8.8CVSS7AI score0.96666EPSS
Exploits13References2
Snyk
Snyk
added 2026/06/01 10:29 a.m.9 views

Insecure Default Initialization of Resource

Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Basic Authentication setup bin/solr auth enable tool. An attacker can gain full...

9.8CVSS7AI score0.00529EPSS
Exploits2References3
Snyk
Snyk
added 2026/06/01 10:26 a.m.9 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-all is a package that puts together an ActiveMQ jar bundle. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive metadata, including client...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 10:26 a.m.9 views

Exposure of Sensitive Information Through Metadata

Overview org.apache.activemq:activemq-broker is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata in the BrokerInfo component. An attacker can obtain sensitive...

8.2CVSS5.5AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:31 a.m.9 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the login redirect route, where the issafeurl check can be bypassed. A user who can reach the login redirect route can redirect a user from the trusted Airflow domain to an attacker-controlled origin by crafting a login...

7.2CVSS6.1AI score0.00649EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the...

7.1CVSS5.9AI score0.00335EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 9:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the handling of rendered template fields when the length exceeds the configured maximum, causing nested sensitive keys within JSON structures to be stringified before redaction and...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 9:10 a.m.9 views

Malicious Package

Overview @pcldpvkoewpogw/testhacker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:9 a.m.9 views

Malicious Package

Overview shopifyto-cms is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:9 a.m.9 views

Malicious Package

Overview cms-helpgit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:26 a.m.9 views

Malicious Package

Overview @antoncallahan/aws-user-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:26 a.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the extractanimvalue function of the Half-Life 1 MDL Loader component when processing the num.total argument. An attacker can achieve arbitrary code execution or cause application crashes by supplying...

5.3CVSS6.5AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:26 a.m.9 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the aiNode destructor in scene.cpp of the ASE file parser component. An attacker can trigger memory corruption or potentially execute arbitrary code by providing a crafted ASE file that causes the use of a previously...

5.3CVSS6.4AI score0.00115EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/01 8:16 a.m.9 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the /api/v2/connections/connectionid REST API endpoint. An attacker can access sensitive credential information stored in the extra JSON blob by making authenticated requests with...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/01 5:10 a.m.9 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the handleSave function of the RoleAdmin Gateway component in the ttsconfig.go file. An attacker can gain unauthorized access to privileged operations by exploiting improper privilege management through...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/secret-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizati...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/serverless-containers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @car-loans/gus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/key-manager is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/dataplatform-bi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/monaas-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/paas-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @cloudplatform-single-spa/opensearch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code linked to the "Miasma" supply chain attack targeting the @redhat-cloud-services npm namespace. A malicious actor compromised the publication pipeline and published versions containing malicious code that includes...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview @car-loans/show-car-year-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...

9.8CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/05/31 9:0 p.m.9 views

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.PagamentosV3 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities5000