Lucene search
K

35547 matches found

Snyk
Snyk
•added 2026/07/06 6:52 p.m.•4 views

Malicious Package

Overview emojiprint-prettier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•3 views

Malicious Package

Overview emojiprint-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•5 views

Malicious Package

Overview cjs-biginteger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•4 views

Malicious Package

Overview devkit-scripts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•5 views

Malicious Package

Overview chain-await-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•3 views

Malicious Package

Overview cookie-ease is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:52 p.m.•3 views

Malicious Package

Overview chalks-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•4 views

Malicious Package

Overview chalk-logger-prettier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•6 views

Malicious Package

Overview chalk-prettier is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•2 views

Malicious Package

Overview chai-dec is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•5 views

Malicious Package

Overview bytecore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•3 views

Malicious Package

Overview chai-as-polished is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•2 views

Malicious Package

Overview chai-as-init is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•6 views

Malicious Package

Overview bubblestr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•5 views

Malicious Package

Overview chai-as-decrypted is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•3 views

Malicious Package

Overview bn-eslint.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•3 views

Malicious Package

Overview bjs-lint-builder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:51 p.m.•3 views

Malicious Package

Overview bigint.os is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•5 views

Malicious Package

Overview btd-smart is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•3 views

Malicious Package

Overview bn-math is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•5 views

Malicious Package

Overview bjs-lint-builders is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•3 views

Malicious Package

Overview bjs-biginteger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•4 views

Malicious Package

Overview bigint.fs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•2 views

Malicious Package

Overview big256-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•3 views

Malicious Package

Overview big-numerator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•6 views

Malicious Package

Overview big-numer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:50 p.m.•5 views

Malicious Package

Overview big-numerate is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:49 p.m.•3 views

Malicious Package

Overview argonflux is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:49 p.m.•5 views

Malicious Package

Overview awesome-cli-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:41 p.m.•3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialize function. An attacker can execute arbitrary code by supplying a crafted serialized payload to the deserialize function, which is processed without proper input filtering. Details...

9.8CVSS6.2AI score0.08786EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:3 p.m.•5 views

Malicious Package

Overview ts-webplug is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:3 p.m.•3 views

Malicious Package

Overview vite-config-field is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:3 p.m.•5 views

Malicious Package

Overview ts-eslint-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:2 p.m.•6 views

Malicious Package

Overview rollup-plugin-polyfill-handler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:2 p.m.•4 views

Malicious Package

Overview react-next-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:1 p.m.•8 views

Malicious Package

Overview mongoose-lean-hooks is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:0 p.m.•5 views

Malicious Package

Overview db-query-log is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 6:0 p.m.•5 views

Malicious Package

Overview chalk-plus-ts is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 5:41 p.m.•4 views

Missing Authentication for Critical Function

Overview flyto-core is an A workflow engine with 412 built-in modules. Trace every step. Replay from any point. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the executemodule process. An attacker can execute arbitrary operating system comman...

8.6CVSS6.2AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/06 5:30 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview flyto-core is an A workflow engine with 412 built-in modules. Trace every step. Replay from any point. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the validateurlssrf process. An attacker can access internal or sensitive resources by submitting...

7.1CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 5:30 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Scriban is a Scriban is a fast, powerful, safe and lightweight scripting language and engine for .NET, which was primarily developed for text templating with a compatibility mode for parsing liquid templates. Today, not only Scriban can be used in text templating scenarios, but also can ...

8.7CVSS6AI score
Exploits0References3
Snyk
Snyk
•added 2026/07/06 5:29 p.m.•5 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview weasyprint is a The Awesome Document Factory Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the processing of presentational hints when unescaped attribute values are embedded into CS...

6.9CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 5:3 p.m.•2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Envoy admin socket when L7 functionality is enabled. An attacker can access sensitive information or disrupt cluster operations by connecting to the world-accessible socket and invoking administrative...

9.2CVSS6AI score0.00017EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/06 4:52 p.m.•3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the assetPredictedDatapointService.updateValues process. An attacker can modify predicted datapoints for assets by sending write requests to the predicted datapoint endpoint using only read-level privileges...

5.3CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 4:52 p.m.•4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Hidden::getFrontEndInputOptions process. An attacker can execute arbitrary code, access sensitive information, or modify application state by supplying...

9.8CVSS6.1AI score
Exploits0References2
Snyk
Snyk
•added 2026/07/06 12:40 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the processing of Exchange headers that are not prefixed with 'Camel', which bypasses the HeaderFilterStrategy. An attacker can override operations by...

7.3CVSS6AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/06 12:40 p.m.•5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the handling of Exchange headers that are not prefixed with 'Camel', which bypass the HeaderFilterStrategy process. An attacker can override operations b...

7.3CVSS6AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/06 12:40 p.m.•5 views

Directory Traversal

Overview apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package Affected versions of this package are vulnerable to Directory Traversal through GCSToSFTPOperator.resolvedestinationpath in...

8.1CVSS6.5AI score0.01058EPSS
Exploits1References2
Snyk
Snyk
•added 2026/07/06 12:40 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the filter process. An attacker can bypass intended security restrictions by supplying specially crafted argument headers that are not properly validated...

7.3CVSS6AI score0.00399EPSS
Exploits0References2
Snyk
Snyk
•added 2026/07/06 12:40 p.m.•4 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the filter process. An attacker can bypass intended security restrictions by supplying specially crafted argument headers that are not properly validated...

7.3CVSS6AI score0.00399EPSS
Exploits0References2
Total number of security vulnerabilities35547