Lucene search

32391 matches found

Snyk, added 2026/04/21 8:47 p.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the HTTP resolver process. An attacker can cause excessive memory consumption and termination of the tekton-pipelines-resolvers pod by directing it to retrieve a very large HT...

CVSS 7.1, AI score 5.8, EPSS 0.00318
Exploits: 1, References: 2
Snyk, added 2026/04/21 8:45 p.m.

Arbitrary Argument Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the ResolutionRequest process. An attacker can execute arbitrary code on the resolver pod and exfiltrate cluster-wide secrets by injecting malicious commands into the revision parameter of the git...

CVSS 8.5, AI score 6.1, EPSS 0.00788
Exploits: 1, References: 2
Snyk, added 2026/04/21 8:39 p.m.

Cross-site Scripting (XSS)

Overview: astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the defineScriptVars function due to incomplete sanitization of closing tags within injected variables. A...

CVSS 6.1, AI score 5.5, EPSS 0.00189
Exploits: 1, References: 2
Snyk, added 2026/04/21 8:38 p.m.

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the iterparse or ETCompatXMLParser functions when resolveentities is set to allow external entities. An attacker can access local files by providing crafted XML input containing external entity...

CVSS 8.7, AI score 6, EPSS 0.00324
Exploits: 1, References: 2
Snyk, added 2026/04/21 8:19 p.m.

Incomplete List of Disallowed Inputs

Overview: flowise-components provides the Flowiseai Components. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the run function of the CSVAgents class when evaluating LLM-generated Python scripts in a pyodide environment without sufficient sandboxing. An attack...

CVSS 9.8, AI score 6.3, EPSS 0.00529
Exploits: 1, References: 2
Snyk, added 2026/04/21 8:14 p.m.

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the commentable field in the API, which allows access to all commentable resources without permission checks. An attacker can retrieve sensitive information by sending unauthenticated requests to the /api...

CVSS 8.7, AI score 5.5, EPSS 0.00287
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:14 p.m.

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the commentable field in the API, which allows access to all commentable resources without permission checks. An attacker can retrieve sensitive information by sending unauthenticated requests to the /api...

CVSS 8.7, AI score 5.5, EPSS 0.00287
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Infinite loop

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 8.7, AI score 7.4, EPSS 0.00635
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Uncontrolled Recursion

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 6.9, AI score 7.4, EPSS 0.00305
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the cryptographic algorithm implementation. An attacker can compromise the confidentiality of sensitive information by exploiting weak or insufficient cryptographic algorithms...

CVSS 2.9, AI score 7.2, EPSS 0.00124
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Cleartext Transmission of Sensitive Information

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 6, AI score 7.3, EPSS 0.0028
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

XML External Entity (XXE) Injection

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 8.7, AI score 7.4, EPSS 0.00702
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 2.9, AI score 7.3, EPSS 0.00124
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the key generation. An attacker can compromise the confidentiality of generated cryptographic keys by exploiting weak or predictable key material. Remediation: A fix was pushed into the...

CVSS 2.9, AI score 7.2, EPSS 0.00122
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via certificate chain validation logic. An attacker can cause a denial of service by supplying a crafted certificate chain that triggers excessive recursion or stack usage during validation, resulting in a stack...

CVSS 6.9, AI score 5.9, EPSS 0.00305
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing. An attacker can access sensitive information by submitting a specially crafted XML input that is processed without proper external entity restrictions. Details: XXE Injection is a ty...

CVSS 8.7, AI score 7.3, EPSS 0.00702
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Out-of-bounds Read

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 8.7, AI score 7.3, EPSS 0.00269
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are...

CVSS 2.9, AI score 7.3, EPSS 0.00122
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Cleartext Transmission of Sensitive Information

Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Kerberos credentialing. An attacker can intercept sensitive information by capturing unencrypted credentials during transmission. Remediation: A fix was pushed into the master branch...

CVSS 6, AI score 7.2, EPSS 0.0028
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the Zip file reading. An attacker can cause a denial of service by providing a specially crafted zip file that triggers an out-of-bounds read. Remediation: A fix was pushed into the master branch but not yet...

CVSS 8.7, AI score 7.2, EPSS 0.00269
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Arena memory allocation. An attacker can cause unintended modification of data by providing specially crafted input that manipulates memory allocation boundaries. Remediation: A fix was pushed into the...

CVSS 6.3, AI score 7.2, EPSS 0.00206
Exploits: 0, References: 2
Snyk, added 2026/04/21 8:0 p.m.

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop via the Java networking APIs. An unauthenticated attacker can cause repeated crashes or hangs by sending crafted network input to applications using the affected networking components, leading to denial of service...

CVSS 8.7, AI score 5.8, EPSS 0.00635
Exploits: 0, References: 2
Snyk, added 2026/04/21 7:17 p.m.

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8, AI score 6.5, EPSS 0.0034
Exploits: 0, References: 2
Snyk, added 2026/04/21 7:17 p.m.

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Webroot HTTP-01 challenge provider. An attacker can write arbitrary files to the filesystem by supplying crafted challenge tokens containing directory traversal sequences. Details: A Directory Traversal attack...

CVSS 8.8, AI score 6.5, EPSS 0.0034
Exploits: 0, References: 2
Snyk, added 2026/04/21 7:17 p.m.

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the JdbcOneTimeTokenService component. An attacker can gain...

CVSS 6.3, AI score 5.5, EPSS 0.00124
Exploits: 0, References: 2
Snyk, added 2026/04/21 7:11 p.m.

Incorrect Authorization

Overview: github.com/oauth2-proxy/oauth2-proxy/v7 is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitti...

CVSS 7.6, AI score 5.5, EPSS 0.00209
Exploits: 0, References: 2
Snyk, added 2026/04/21 7:11 p.m.

Incorrect Authorization

Overview: github.com/oauth2-proxy/oauth2-proxy is a reverse proxy that provides authentication with Google, Github or other providers. Affected versions of this package are vulnerable to Incorrect Authorization in the email domain validation. An attacker can gain unauthorized access by submitting ...

CVSS 7.6, AI score 5.5, EPSS 0.00209
Exploits: 0, References: 2
Snyk, added 2026/04/21 6:59 p.m.

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

CVSS 6.1, AI score 5.9, EPSS 0.00112
Exploits: 0, References: 3
Snyk, added 2026/04/21 6:59 p.m.

Memory Allocation with Excessive Size Value

Overview: Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the source.view path in font/sfnt. An attacker can force the parser to allocate a large read buffer by supplying a corrupt or malicious font file that advertises data beyond the file's...

CVSS 6.1, AI score 5.9, EPSS 0.00112
Exploits: 0, References: 3
Snyk, added 2026/04/21 6:59 p.m.

Memory Allocation with Excessive Size Value

Overview: golang.org/x/image/webp is a package that implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...

CVSS 8.2, AI score 5.5, EPSS 0.0034
Exploits: 0, References: 3
Snyk, added 2026/04/21 6:51 p.m.

UNIX Symbolic Link (Symlink) Following

Overview: @anthropic-ai/claude-code lets you use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink)...

CVSS 10, AI score 6.4, EPSS 0.00518
Exploits: 0, References: 3
Snyk, added 2026/04/21 6:31 p.m.

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the asset and blueprint file operations in the CMS and Tailor editor extensions. An attacker can gain unauthorized access to perform file operations such as create, delete, rename, move, or upload on theme...

CVSS 3.3, AI score 5.8, EPSS 0.00144
Exploits: 0, References: 2
Snyk, added 2026/04/21 6:31 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...

CVSS 3.1, AI score 5.8, EPSS 0.00144
Exploits: 0, References: 2
Snyk, added 2026/04/21 6:31 p.m.

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handling of CSS preprocessor files. An attacker can access arbitrary files from the server by leveraging the import functionality in .less, .sass, or .scss files, even when cms.safemode is enabled. This is...

CVSS 6.9, AI score 5.9, EPSS 0.00246
Exploits: 0, References: 2
Snyk, added 2026/04/21 6:31 p.m.

Incomplete List of Disallowed Inputs

Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the Twig sandbox security policy, which permits database write operations even when safe mode is enabled. An attacker with Developer permissions can modify, insert, or delete data in any database...

CVSS 7.5, AI score 5.8, EPSS 0.00229
Exploits: 0, References: 2
Snyk, added 2026/04/21 5:29 p.m.

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write through asyncio.AbstractEventLoop.sockrecvfrominto in the Windows ProactorEventLoop datagram receive path. An attacker can trigger a ValueError-free out-of-bounds receive by supplying an nbytes value larger than the...

CVSS 8.8, AI score 5.9, EPSS 0.00374
Exploits: 0, References: 2
Snyk, added 2026/04/21 5:29 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /index.php/Speciaal:GefacetteerdZoeken parameter. An attacker can execute arbitrary JavaScript in a victim's browser by crafting a malicious URL and tricking the user into visiting it, potentially leadin...

CVSS 6.1, AI score 5.4, EPSS 0.00285
Exploits: 0, References: 2
Snyk, added 2026/04/21 5:17 p.m.

Regular Expression Denial of Service (ReDoS)

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

CVSS 8.7, AI score 5.8, EPSS 0.00427
Exploits: 1, References: 2
Snyk, added 2026/04/21 4:26 p.m.

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the serverURL parameter when it is set to an attacker-controlled endpoint. An attacker can obtain sensitive API tokens by crafting a resource that omits the Git API token parameter, causing the...

CVSS 7.7, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 2
Snyk, added 2026/04/21 4:5 p.m.

Permissive Regular Expression

Overview: Affected versions of this package are vulnerable to Permissive Regular Expression in the VerificationPolicy module when matching refSource.URITekton. An attacker can alter verification modes or keys and potentially compromise the integrity of CI/CD pipelines by supplying resources source...

CVSS 7.1, AI score 5.4, EPSS 0.00264
Exploits: 1, References: 2
Snyk, added 2026/04/21 3:18 p.m.

SQL Injection

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to SQL Injection via unsanitized configuration values in the Cassandra export module. An attacker can redirect monitoring data to an unauthorized Cassandra keyspace and exfiltrate...

CVSS 8.3, AI score 5.8, EPSS 0.00212
Exploits: 1, References: 2
Snyk, added 2026/04/21 3:17 p.m.

Server-side Request Forgery (SSRF)

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the publicapi configuration parameter of the IP plugin. An attacker can cause the application to send unauthorized HTTP requests to arbitrar...

CVSS 8.8, AI score 5.5, EPSS 0.00396
Exploits: 1, References: 2
Snyk, added 2026/04/21 3:16 p.m.

Access Control Bypass

Overview: @gitlawb/openclaude is OpenClaude, which opens coding-agent workflows to any LLM (OpenAI, Gemini, DeepSeek, Ollama, and 200+ models). Affected versions of this package are vulnerable to Access Control Bypass via the bashToolHasPermission function. An attacker can access or modify files outsid...

CVSS 8.4, AI score 5.8, EPSS 0.00232
Exploits: 2, References: 3
Snyk, added 2026/04/21 3:14 p.m.

Permissive Cross-domain Policy with Untrusted Domains

Overview: Glances is a cross-platform curses-based monitoring tool. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the REST API when a permissive CORS policy is configured, allowing unauthenticated cross-origin requests to access...

CVSS 8.7, AI score 5.4, EPSS 0.00408
Exploits: 1, References: 3
Snyk, added 2026/04/21 3:4 p.m.

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the loadimage and encodeimagebase64 functions in LMDeploy's vision-language module, which fetch URLs without validating whether the destination is an internal or private address. An attacker can acce...

CVSS 8.7, AI score 6, EPSS 0.4525
Exploits: 2, References: 2
Snyk, added 2026/04/21 2:53 p.m.

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via ExpectedArtifactExpressionEvaluationPostProcessor, which may accept and process SpEL expressions that reference and load arbitrary classes. An attacker can execute code by supplying malicious strings as inp...

CVSS 9.9, AI score 6.1, EPSS 0.00553
Exploits: 0, References: 2
Snyk, added 2026/04/21 2:48 p.m.

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...

CVSS 9.9, AI score 5.9, EPSS 0.00606
Exploits: 0, References: 2
Snyk, added 2026/04/21 12:5 p.m.

Malicious Package

Overview: com.tencent.puerts.agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 11:31 a.m.

Malicious Package

Overview: internalinsightsenabled is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 2
Snyk, added 2026/04/21 11:15 a.m.

Cleartext Storage of Sensitive Information

Overview: typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to the SetupModuleController module merging entity data with user-interface settings before storing them in DB. An...

CVSS 8.3, AI score 5.7, EPSS 0.00167
Exploits: 0, References: 2
Total number of security vulnerabilities: 32391