Lucene search
K
SnykMost viewed

35345 matches found

Snyk
Snyk
added 2026/04/14 11:47 a.m.9 views

Malicious Package

Overview onewin-landing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 4:4 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 12:7 a.m.9 views

Malicious Package

Overview getcardslib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 11:6 p.m.9 views

Use After Free

Overview Magick.NET-Q16-HDRI-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS5.8AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.8CVSS5.8AI score0.00566EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS6AI score0.00428EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Out-of-bounds Read

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS5.8AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the -sample operation when a specific offset is set through the sample:offset define. An attacker can cause a denial of service by providing crafted input that triggers an out-of-bounds read. Remediation A fix was...

7.1CVSS5.8AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00434EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.00434EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Uncontrolled Recursion

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Uncontrolled Recursion

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.8AI score0.0051EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9CVSS5.8AI score0.0018EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.8CVSS6.1AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 10:11 p.m.9 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.8CVSS6.1AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 9:52 p.m.9 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the webbrowser.open function. An attacker can execute arbitrary commands by supplying a specially crafted URL containing %action that is processed by the API. Note: This issue is due to incomplete fix fo...

7.1CVSS6.7AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 7:22 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via decompression bomb, in FitsGzipDecoder. An attacker can cause an OOM and crash the application or severely degrade its performance by supplying a malicious FITS file containing...

8.7CVSS5.8AI score0.00671EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview @sap-px/pxapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview @hrb-web/nuxt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview wm-plugin-wm-smart-tip-dont-embed-tooltip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview trade-in-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/12 7:7 p.m.9 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the MakerNote decoding process for Fuji and Olympus cameras. An attacker can cause a crash or leak information by providing specially crafted image files. Remediation Upgrade libexif to version...

7.1CVSS5.3AI score0.0014EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/12 3:30 a.m.9 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the generatethoughts function in the Tree-of-Thought Solver component. An attacker can execute...

9.8CVSS7.8AI score0.00409EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/11 3:30 a.m.9 views

Command Injection

Overview aws-mcp is an AWS Model Context Protocol Server Affected versions of this package are vulnerable to Command Injection via improper validation of user-supplied input in the allowed commands process. An attacker can execute arbitrary system commands by supplying crafted input that is used ...

9.8CVSS7.5AI score0.01908EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 10:9 p.m.9 views

Server-side Request Forgery (SSRF)

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/remove endpoint, which accepts a URL parameter and fetches external resources. An attacker can access internal network resources and retrieve sensitive ima...

5.3CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/04/10 9:0 p.m.9 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 8:8 p.m.9 views

HTTP Response Splitting

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary headers by...

9CVSS5.9AI score0.01815EPSS
Exploits5References2
Snyk
Snyk
added 2026/04/10 7:47 p.m.9 views

User Impersonation

Overview ajenti.plugin.core is a Core Affected versions of this package are vulnerable to User Impersonation via 2FA authentication. An attacker can gain unauthorized access by bypassing password authentication. Remediation Upgrade ajenti.plugin.core to version 0.112 or higher. References - GitHu...

9.3CVSS5.8AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/10 3:31 p.m.9 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

6.9CVSS5.8AI score0.00268EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 10:8 p.m.9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of URI name constraints during certificate chain verification in the ConfirmNameConstraints process. An attacker can bypass intended certificate restrictions by presenting a...

7CVSS5.8AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:8 p.m.9 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the checksolution function in the HumanEvalBenchmark/MBPPBenchmark component. An attacker can execute arbitrary code by sending specially crafted input remotely...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 4:14 p.m.9 views

Incorrect Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Incorrect Authorization via the enrollment endpoint. An attacker can access Fleet Server policy details from unauthorized spaces b...

5.3CVSS5.7AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 12:31 p.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...

7.5CVSS7.2AI score0.01201EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 12:31 p.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround This vulnerability can be mitigated by...

7.5CVSS7.2AI score0.01201EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 8:13 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GraphQL query batching endpoint. An attacker can exhaust server resources by sending a single HTTP request containing a large number of operations, bypassing per-query...

8.7CVSS5.8AI score0.00435EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:8 a.m.9 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the restreamerURL parameter of the restream log callback flow. An attacker can access internal network resources and retrieve...

7.1CVSS5.9AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:7 a.m.9 views

Arbitrary Argument Injection

Overview skilleton is a Skills skeleton: deterministic AI skill dependency manager Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of repository and path input in the normalizeRepoUrl function. An attacker can cause unsafe or inefficient...

6.9CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:5 a.m.9 views

Missing Authorization

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Missing Authorization in the resourceGetHandler process. An attacker can access the full content of text files within their authorized scope by sending requests to the...

7.5CVSS5.8AI score0.00274EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/08 12:4 a.m.9 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection through the Runner.exec process. An attacker can execute arbitrary OS commands on the server by uploading or renaming a file with a crafted filename containing shell metacharacters, which are unsafely...

7.5CVSS6AI score0.01922EPSS
Exploits2References3
Snyk
Snyk
added 2026/04/08 12:0 a.m.9 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the processing of XCOFF object files. An attacker can execute unauthorized code or commands by convincing a user to process a specially crafted file. Remediation A fix was pushed into the master branch but...

8.5CVSS5.5AI score0.00171EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 11:9 p.m.9 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the DANE client authentication process. An attacker can cause memory corruption, application crashes, or potentially execute arbitrary code by manipulating TLSA records with both PKIX-TA/PKIX-EE and DANE-TA certificate...

9.2CVSS6AI score0.00631EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 10:53 p.m.9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview std/internal/syscall/unix is a Go standard library package std/internal/syscall/unix Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. Go Vulnerability Report:On Linux, if the target of Root.Chmod is replaced with a symlink while the chm...

7.8CVSS5.8AI score0.00292EPSS
Exploits0References3
Total number of security vulnerabilities5000