Lucene search
K

35669 matches found

Snyk
Snyk
added 2026/07/07 3:6 p.m.6 views

Malicious Package

Overview base58-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 3:6 p.m.6 views

Malicious Package

Overview solana-address-codec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 3:6 p.m.6 views

Malicious Package

Overview base58-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 2:48 p.m.5 views

Malicious Package

Overview @sqlite-list/schema-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 2:48 p.m.6 views

Malicious Package

Overview @sqlite-list/sql-creator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 2:48 p.m.7 views

Malicious Package

Overview @sqlite-access/nodesql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 2:48 p.m.6 views

Malicious Package

Overview @sqlite-list/createsql is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 2:34 p.m.11 views

XML External Entity (XXE) Injection

Overview ebookmeta is a Read/write ebook metadata for fb2, epub2 and epub3 files Affected versions of this package are vulnerable to XML External Entity XXE Injection in the ebookmeta.getmetadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of...

9.1CVSS7AI score0.00532EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.6 views

Malicious Package

Overview ollama-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.7 views

Malicious Package

Overview openai-agents-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.7 views

Malicious Package

Overview mcp-server-pg is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.4 views

Malicious Package

Overview @langgraphjs/toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.4 views

Malicious Package

Overview anthropic-toolkit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.3 views

Malicious Package

Overview @aspect-security/argon2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:59 p.m.7 views

Malicious Package

Overview ai-sdk-helpers is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:51 p.m.2 views

Malicious Package

Overview @engagehub/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:51 p.m.3 views

Malicious Package

Overview @engagehub/test-claim is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:51 p.m.3 views

Malicious Package

Overview brunomenozzi-test-pkg is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:51 p.m.2 views

Malicious Package

Overview @43uh3ig43/telemetry-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:51 p.m.5 views

Malicious Package

Overview harmony-enablers-test-2026 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:35 p.m.2 views

Malicious Package

Overview @apexcraft/nano-key is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:2 p.m.3 views

External Control of File Name or Path

Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to External Control of File Name or Path via the processURL2InlineImages process. An...

7.1CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:2 p.m.5 views

NULL Pointer Dereference

Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to NULL Pointer Dereference in the adaptupsample67 function when processing a model containing an Upsample node with zero inputs. An attacker can cause a crash and denial of service by submitting a...

6.8CVSS6AI score0.0017EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the GET /api/oauth/email/bind and GET /api/oauth/wechat/bind endpoints. An attacker can alter account binding state by tricking a logged-in user into visiting a crafted link, potentially allowing the...

6CVSS5.9AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.4 views

Eval Injection

Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Eval Injection via the expandname function. An attacker can execute arbitrary OS comman...

8.6CVSS6.3AI score
Exploits0References3
Snyk
Snyk
added 2026/07/07 1:1 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the /skin/ action endpoint when running on Jetty 12 or later. An attacker can access arbitrary files on the server by crafting a URL containing encoded directory traversal sequences. This is only exploitable if th...

8.2CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the notification URL validation process. An attacker can access internal network resources and potentially expose sensitive internal data by configuring notification URLs to point to hostnames that...

7.7CVSS6AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 1:1 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper authorization checks in t...

9.3CVSS6.3AI score
Exploits0References4
Snyk
Snyk
added 2026/07/07 12:41 p.m.5 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the BaseSerialization.deserialize process. An attacker can execute arbitrary code on the API Server or Scheduler by embedding a malicious trigger into a serialized DAG, which is then deserialized and...

9.8CVSS6.7AI score0.01649EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:41 p.m.4 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration via the dep.source and dep.target fields in the scheduling graph endpoint. An attacker can obtain identifiers of resources they are not authorized to access by inspecting dependency information exposed...

6.9CVSS6AI score0.00636EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:41 p.m.5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the Bulk Variables API due to the redact function being called without the variable key, which prevents the shouldhidevalueforkey check from triggering on...

6.9CVSS6AI score0.00664EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:41 p.m.5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the Config API when per-key secrets backend overrides are configured via...

6.9CVSS6AI score0.00664EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:40 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/v2/dagSources/dagid endpoint, which returns the entire source file containing multiple DAGs without redacting those the user is not authorized to access. An attacker can...

7.1CVSS6AI score0.00601EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:36 p.m.5 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the REST API task-instance detail and list endpoints, which returned deferred task trigger keyword arguments without masking sensitive data. An attacker can access...

6.9CVSS6AI score0.00664EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 6:27 a.m.4 views

Malicious Package

Overview chai-spycore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 6:27 a.m.8 views

Malicious Package

Overview express-firegate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 6:27 a.m.8 views

Malicious Package

Overview express-deflect is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:33 a.m.4 views

Improper Restriction of Rendered UI Layers or Frames

Overview ajenti is a Linux & BSD web admin panel. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames through the lack of anti-framing protections in the HTTP response process. An attacker can trick users into interacting with a maliciously...

5.4CVSS6AI score0.00159EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:33 a.m.7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parseHeaders function. An attacker can execute arbitrary scripts in the context of users viewing rendered markdown by injecting special...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:33 a.m.8 views

Cross-site Scripting (XSS)

Overview showdown is a JavaScript Markdown to HTML converter. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parseHeaders function. An attacker can execute arbitrary scripts in the context of users viewing rendered markdown by injecting specially crafted table...

6.1CVSS6.1AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:0 a.m.2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the query completion process. An attacker can cause memory corruption and application crash by sending crafted DNS responses that manipulate the sequence of query completions, such as forcing an EDNS-downgrade retry an...

8.7CVSS6.1AI score
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:40 p.m.4 views

Uncaught Exception

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Uncaught Exception through the rejection sampler process. An attacker can cause the engine worker to crash and abort concurrent requests by sending...

8.7CVSS5.9AI score0.00343EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/06 10:40 p.m.3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth process when trustForwardHeader is set to false. An attacker can bypass port-based authorization checks by injecting a crafted X-Forwarded-Proto header over an unencrypte...

6.9CVSS6AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:40 p.m.4 views

Insufficient Verification of Data Authenticity

Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth process when trustForwardHeader is set to false. An attacker can bypass port-based...

6.9CVSS6AI score0.0029EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/06 10:40 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth process when trustForwardHeader is set to false. An attacker can bypass port-based authorization checks by injecting a crafted X-Forwarded-Proto header over an unencrypte...

6.9CVSS6AI score0.0029EPSS
Exploits0References2
Total number of security vulnerabilities35669