32882 matches found

Snyk
added 2026/04/15 12:11 p.m. | 5 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the /debugging/config/dump endpoint if there are second level Properties objects in the configuration. An attacker can obtain sensitive configuration details, including database credentials, by sending requests ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00544
Exploits: 0 | References: 2
Snyk
added 2026/04/15 11:15 a.m. | 6 views

Interpretation Conflict

Overview: @fastify/express is an Express compatibility layer for Fastify. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of middleware paths in the onRegister function. An attacker can gain unauthorized access to protected routes by exploiting t...

CVSS 9.3 | AI score 5.7 | EPSS 0.0043
Exploits: 1 | References: 2
Snyk
added 2026/04/15 11:15 a.m. | 4 views

Interpretation Conflict

Overview: @fastify/express is an Express compatibility layer for Fastify. Affected versions of this package are vulnerable to Interpretation Conflict via improper URL normalization gaps. An attacker can gain unauthorized access to protected routes by manipulating the URL path with duplicate slashes...

CVSS 9.1 | AI score 5.7 | EPSS 0.00483
Exploits: 1 | References: 2
Snyk
added 2026/04/15 11:15 a.m. | 6 views

HTTP Header Injection

Overview: @fastify/http-proxy is a proxy http requests, for Fastify. Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for routing, access control,...

CVSS 9 | AI score 5.8 | EPSS 0.00441
Exploits: 1 | References: 2
Snyk
added 2026/04/15 11:15 a.m. | 6 views

HTTP Header Injection

Overview: @fastify/reply-from is a forward your HTTP request to another server, for fastify. Affected versions of this package are vulnerable to HTTP Header Injection via improper handling of the Connection header after proxy-added headers have been set. An attacker can remove headers intended for...

CVSS 9 | AI score 5.8 | EPSS 0.00441
Exploits: 1 | References: 2
Snyk
added 2026/04/15 11:15 a.m. | 7 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation: Upgrade...

CVSS 8.1 | AI score 5.8 | EPSS 0.00129
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 10 views

LDAP Injection

Overview: Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 8 views

LDAP Injection

Overview: org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 6 views

LDAP Injection

Overview: Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 7 views

LDAP Injection

Overview: Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 7 views

LDAP Injection

Overview: org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP searc...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 6 views

LDAP Injection

Overview: Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...

CVSS 7.3 | AI score 5.7 | EPSS 0.00527
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 13 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 7 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 11 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships betwee...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 9 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:16 a.m. | 12 views

Use of a Broken or Risky Cryptographic Algorithm

Overview: org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between...

CVSS 9.3 | AI score 5.7 | EPSS 0.00313
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 3 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 4 views

Allocation of Resources Without Limits or Throttling

Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

CVSS 8.7 | AI score 5.7 | EPSS 0.00758
Exploits: 0 | References: 2
Snyk
added 2026/04/15 10:13 a.m. | 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 6 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 7 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 12 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 8 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 10:13 a.m. | 4 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 10:13 a.m. | 5 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 10:13 a.m. | 6 views

Timing Attack

Overview: org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 10:13 a.m. | 6 views

Timing Attack

Overview: org.bouncycastle:bcprov-jdk15to18 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values ...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 10:13 a.m. | 9 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

CVSS 9.2 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 3
Snyk
added 2026/04/15 10:13 a.m. | 4 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack through the sample and samplematrix functions in FrodoEngine.java. An attacker can recover information about the sampled noise values by observing how long Frodo key generation or encapsulation takes when it processes...

CVSS 9.9 | AI score 5.7 | EPSS 0.00691
Exploits: 0 | References: 4
Snyk
added 2026/04/15 3:14 a.m. | 8 views

Malicious Package

Overview: cw-isdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 5 views

Malicious Package

Overview: snitz-chief-cloud-config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 4 views

Malicious Package

Overview: snitz-chief-cloud is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 6 views

Malicious Package

Overview: chief-proxy-out is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 5 views

Malicious Package

Overview: pdf-linker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 3 views

Malicious Package

Overview: chief-documentation is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:12 a.m. | 5 views

Malicious Package

Overview: moscova-plural-json-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:7 a.m. | 7 views

Malicious Package

Overview: mongoose-stamps is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 3:2 a.m. | 7 views

Malicious Package

Overview: ahmedsalemph is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 2
Snyk
added 2026/04/15 2:9 a.m. | 4 views

Improper Validation of Specified Type of Input

Overview: fastify is an overhead web framework, for Node.js. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via the schema.body.content when a space is prepended to the Content-Type header. An attacker can bypass input validation by sending...

CVSS 8.7 | AI score 5.7 | EPSS 0.00408
Exploits: 0 | References: 2
Snyk
added 2026/04/15 1:9 a.m. | 8 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits: 0 | References: 2
Snyk
added 2026/04/15 1:9 a.m. | 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits: 0 | References: 2
Snyk
added 2026/04/15 1:9 a.m. | 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the zarf package inspect sbom and zarf package inspect documentation subcommands when the output file path is constructed using a user-controlled output directory combined with the untrusted Metadata.Name field...

CVSS 7.1 | AI score 6.4 | EPSS 0.0032
Exploits: 0 | References: 2
Snyk
added 2026/04/15 12:7 a.m. | 7 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection in the rules engine process. An attacker can execute arbitrary code on the server, read arbitrary files, steal environment variables including database credentials, and bypass multi-tenant isolation to access da...

CVSS 9.9 | AI score 6.3 | EPSS 0.00924
Exploits: 2 | References: 2

Total number of security vulnerabilities: 32882