Lucene search
K

35669 matches found

Snyk
Snyk
•added 2026/07/07 4:40 p.m.•5 views

Use of Cache Containing Sensitive Information

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the UpdateCacheMiddleware and cachepage process when responses that vary on...

5.3CVSS6AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:40 p.m.•5 views

Buffer Access with Incorrect Length Value

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...

6.3CVSS6AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:38 p.m.•7 views

Improper Neutralization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Improper Neutralization via the DomainNameValidator process. An attacker can inject arbitrary HTTP headers by submitting input...

6.1CVSS6AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•6 views

Malicious Package

Overview whs4npmtest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•3 views

Malicious Package

Overview @whs4/whs4npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•6 views

Malicious Package

Overview whs4nmp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•3 views

Malicious Package

Overview whs4pnm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•4 views

Malicious Package

Overview wsh4npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•6 views

Malicious Package

Overview whs4npm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:19 p.m.•6 views

Malicious Package

Overview wsh4-nmp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:17 p.m.•7 views

Malicious Package

Overview warp-dependency is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:16 p.m.•6 views

Malicious Package

Overview paperclip-host-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:16 p.m.•6 views

Malicious Package

Overview vps-adapter-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:13 p.m.•6 views

Malicious Package

Overview syco1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:13 p.m.•5 views

Malicious Package

Overview sypoi1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:12 p.m.•7 views

Malicious Package

Overview runtimedev-link is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:7 p.m.•6 views

Malicious Package

Overview polytrade is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:0 p.m.•6 views

Malicious Package

Overview zod-pino444 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:0 p.m.•6 views

Malicious Package

Overview zod-pino434 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:0 p.m.•5 views

Malicious Package

Overview zredis-typed is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 4:0 p.m.•6 views

Malicious Package

Overview pinokio-redis is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:46 p.m.•6 views

Malicious Package

Overview evm-typechain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:35 p.m.•4 views

Malicious Package

Overview hello244a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•4 views

Malicious Package

Overview nuxt-fonts-devtools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•7 views

Malicious Package

Overview load-nuxt-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•5 views

Malicious Package

Overview load-nuxt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•6 views

Malicious Package

Overview gen-ai-opt-in is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•6 views

Malicious Package

Overview rnx-align-deps is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•4 views

Malicious Package

Overview shopify-internel is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•4 views

Malicious Package

Overview nonexistent-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•6 views

Malicious Package

Overview annotator-harvardx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•4 views

Malicious Package

Overview hook-augmenting-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:34 p.m.•6 views

Malicious Package

Overview some-theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:29 p.m.•5 views

Malicious Package

Overview debugcli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:29 p.m.•3 views

Malicious Package

Overview tx-guard-snap is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the registryFor process. An attacker can obtain authentication credentials and trusted CA configuration by registering a sibling-domain registry that matches the unanchored suffix. Remediation...

6.3CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•4 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception via the maxdatagramframesize parameter when it is set to a very small value. An attacker can cause the server to crash by sending specially crafted datagram frames that exploit this configuration. Remediation Upgrade...

8.7CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the core process. An attacker can access internal network resources by sending specially crafted UDP requests that bypass access control checks. Remediation Upgrade github.com/apernet/hysteria/extras/v2/outboun...

7.4CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the core process. An attacker can access internal network resources by sending specially crafted UDP requests that bypass access control checks. Remediation Upgrade github.com/apernet/hysteria/core/v2/server to...

7.4CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the http process. An attacker can cause the server to become unresponsive by sending HTTP requests with excessively large headers, leading to resource exhaustion. Remediation Ther...

8.7CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the http process. An attacker can cause the server to become unresponsive by sending HTTP requests with excessively large headers, leading to resource exhaustion. Remediation...

8.7CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the OIDC discovery process. An attacker can cause the service to follow malicious redirects, leading to server-side request forgery and potential exposure of Kubernetes service-account tokens by...

8.2CVSS6.1AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:26 p.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TIFF image parsing process due to missing validation of the IFD offset in the image header before memory allocation. An attacker can cause excessive memory consumption or a...

7.1CVSS6.1AI score0.00245EPSS
Exploits0References3
Snyk
Snyk
•added 2026/07/07 3:25 p.m.•4 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation in the checksdpcrypto function due to an inverted boolean condition. An attacker can weaken the binding between DTLS certificates and SDP by intercepting and modifying WebRTC signaling...

6.3CVSS6.1AI score0.0015EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:20 p.m.•4 views

Malicious Package

Overview chai-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:13 p.m.•6 views

Malicious Package

Overview notifier-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:13 p.m.•6 views

Malicious Package

Overview jsf-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:13 p.m.•4 views

Malicious Package

Overview chai-chain-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:6 p.m.•4 views

Malicious Package

Overview crypto-base58 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/07 3:6 p.m.•6 views

Malicious Package

Overview typescript-base58 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Total number of security vulnerabilities35669