Lucene search
K

33544 matches found

Snyk
Snyk
added 2026/04/13 5:34 p.m.5 views

Improper Check for Unusual or Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the bsonvalidate function. An attacker can cause malformed or invalid UTF-8 sequences to bypass validation and be processed incorrectly by submitting specially crafted BSON data to...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 5:15 p.m.11 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile modules. An attacker can execute arbitrary code or access sensitive information by triggering a use-after-free condition through repeated...

9.2CVSS6.1AI score0.00579EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:45 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the opjpiinitialiseencode function. An attacker can cause the application to crash or become unresponsive by providing specially crafted input that triggers an integer overflow during encoding...

4.8CVSS4.5AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:39 p.m.7 views

Cross-site Scripting (XSS)

Overview github.com/prometheus/prometheus/web/ui is a systems and service monitoring system Affected versions of this package are vulnerable to Cross-site Scripting XSS via various UI components whose innerHTML is rendered unsanitized, based on user input. The metric names and label values used b...

6.1CVSS5.3AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:38 p.m.5 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getCommand process. An attacker can execute arbitrary operating system commands by supplying specially crafted values to the INFILEENDING or OUTFILEENDING configuration keys, which are...

8.8CVSS6.1AI score0.00861EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/13 4:35 p.m.9 views

Command Injection

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by supplying specially...

9.8CVSS6AI score0.02712EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/13 4:35 p.m.4 views

Command Injection

Overview org.webjars.npm:simple-git is an A light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Command Injection through improper option parsing in the clone method. An attacker can execute arbitrary system commands by...

9.8CVSS7.6AI score0.02712EPSS
Exploits2References2
Snyk
Snyk
added 2026/04/13 4:12 p.m.4 views

Insertion of Sensitive Information into Log File

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File which had masksecret applied. The DAG run logs UI exposes...

7.5CVSS5.9AI score0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:12 p.m.6 views

Deserialization of Untrusted Data

Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the TFSMLayer class. An attacker can execute arbitrary code by providing a malicious TensorFlow SavedModel during deserialization of...

8.8CVSS7.6AI score0.00328EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:12 p.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the webserver by invoking a class via legacy serialization keys type/var. Details Serialization is a process of converting an object into a...

8.8CVSS6AI score0.00592EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 4:12 p.m.4 views

Deserialization of Untrusted Data

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the...

8.8CVSS6.1AI score0.00592EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:45 p.m.4 views

Malicious Package

Overview @lamoda/seller-ui-kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.8 views

Malicious Package

Overview upstartloans is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.7 views

Malicious Package

Overview upstart-offer-container is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.4 views

Malicious Package

Overview upstartdr is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.6 views

Malicious Package

Overview upstartapplicationstatus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.7 views

Malicious Package

Overview upstartportal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.6 views

Malicious Package

Overview upstartadmindashboard- is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.6 views

Malicious Package

Overview upstart.previewcss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.5 views

Malicious Package

Overview upstart-loan-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.11 views

Malicious Package

Overview upstart-lending-status is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.4 views

Malicious Package

Overview paysafe-apple-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.3 views

Malicious Package

Overview paysafe-venmo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.7 views

Malicious Package

Overview walmart-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.10 views

Malicious Package

Overview upstartautoretailadmin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.4 views

Malicious Package

Overview paysafe-payments-sdk-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.6 views

Malicious Package

Overview paysafe-google-pay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:33 p.m.7 views

Malicious Package

Overview paysafe-card-payments is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:31 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...

7.1CVSS5.8AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:31 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the SW-URL header in the MCP server. An attacker can access internal resources and potentially exfiltrate sensitive information by sending crafted requests that are processed by the server. Remediati...

7.1CVSS5.8AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @dtc-campaign-wizard/campaign-wizard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @ids-alpha/theme is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview @mx-shared/utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @pes-ui/components is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview @op-microfrontends/config is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @spoonflower/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @hrb-web/nuxt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.9 views

Malicious Package

Overview @sap-px/pxapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @kucoin-gbiz-next/tools is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @sage-active/ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview @zgny/onboarding-consumer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @sports-api/api-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @spreadjs/js-calc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.8 views

Malicious Package

Overview @relxui/react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview gp-auth-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.5 views

Malicious Package

Overview @aircall-ecosystem/integrations-msteams-frontend is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.8 views

Malicious Package

Overview wm-plugin-wm-smart-tip-dont-embed-tooltip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.6 views

Malicious Package

Overview @ascend-ops/web-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview @amplify-js/datastore is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/13 3:25 p.m.4 views

Malicious Package

Overview @bokehjs/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities33544