33544 matches found

Snyk
added 2026/04/13 3:25 p.m., 8 views

Malicious Package

Overview @guards-lib/auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 8 views

Malicious Package

Overview @hmm-app/api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 8 views

Malicious Package

Overview @hpcc/js-api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview @bookiply/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 4 views

Malicious Package

Overview viewer-assets-generator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview @cash-web/no-hardcoded-font-styles is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 9 views

Malicious Package

Overview portal-common-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 10 views

Malicious Package

Overview wm-plugin-visions-recorder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview babel-plugin-fbtee is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 8 views

Malicious Package

Overview etsy-advocacy is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview cms-site-api-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 9 views

Malicious Package

Overview ccn-common-react-library is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview stats-api-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 7 views

Malicious Package

Overview ih-icon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 7 views

Malicious Package

Overview twilio-video.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 8 views

Malicious Package

Overview trade-in-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 4 views

Malicious Package

Overview mdb-react-sortable is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview dwaiter-company-web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 7 views

Malicious Package

Overview symphony-core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview experian-design-system-themes is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:25 p.m., 6 views

Malicious Package

Overview kaltura-ngx-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:14 p.m., 8 views

Malicious Package

Overview @b2b-portal/uch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:14 p.m., 7 views

Malicious Package

Overview @b2b-portal/core is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:14 p.m., 7 views

Malicious Package

Overview @b2b-portal/form is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:14 p.m., 5 views

Malicious Package

Overview @b2b-portal/kit is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 3:13 p.m., 4 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the experimental/tinyobjloaderopt.h process. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted .mtl file. Remediation A fix was pushed into the master...

6.8 CVSS, 5.8 AI score, 0.00173 EPSS
Exploits 0, References 2
Snyk
added 2026/04/13 12:31 p.m., 3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the TGT credential field via the Nimbus Thrift API, due to deserialization of base64-encoded data using ObjectInputStream.readObject without class filtering or validation. A user with topology...

8.8 CVSS, 6.5 AI score, 0.01011 EPSS
Exploits 0, References 2
Snyk
added 2026/04/13 12:31 p.m., 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parseNode and parseEdge functions when topology metadata such as component IDs, stream names, or grouping values are interpolated into HTML without proper sanitization. An attacker can execute arbitrary...

5.4 CVSS, 5.8 AI score, 0.00466 EPSS
Exploits 0, References 2
Snyk
added 2026/04/13 12:10 p.m., 3 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showconfig page when administrative privileges are present. An attacker can execute...

4.8 CVSS, 5.8 AI score, 0.00225 EPSS
Exploits 1, References 2
Snyk
added 2026/04/13 9:31 a.m., 4 views

Arbitrary Code Injection

Overview google-adk is an Agent Development Kit. Affected versions of this package are vulnerable to Arbitrary Code Injection via the builder UI on Python OSS, Cloud Run, and GKE due to missing authentication in the process. An attacker can execute arbitrary code on the server by uploading YAML...

10 CVSS, 6.3 AI score, 0.01816 EPSS
Exploits 0, References 3
Snyk
added 2026/04/13 12:0 a.m., 7 views

Improper Certificate Validation

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Certificate Validation via packed self-attestation in WebAuthn registration. An attacker can bypass...

3.1 CVSS, 5.8 AI score
Exploits 0, References 2
Snyk
added 2026/04/13 12:0 a.m., 8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the readglobalparam function. An attacker can cause the application to crash or become unavailable by supplying specially crafted input that triggers an out-of-bounds read. Remediation Upgrade ffmpeg to version...

8.7 CVSS, 6.6 AI score, 0.00337 EPSS
Exploits 1, References 2
Snyk
added 2026/04/13 12:0 a.m., 9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through improper resource deallocation in the zmqsend.c process. An attacker can cause the application to become unresponsive or crash by providing specially crafted input. Remediatio...

8.7 CVSS, 5.8 AI score, 0.004 EPSS
Exploits 1, References 2
Snyk
added 2026/04/13 12:0 a.m., 8 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the avbprintfinalize function. An attacker can cause a crash or make the application unavailable by sending specially crafted input that triggers a heap buffer overflow. Remediation A fix was pushed into th...

9.2 CVSS, 5.9 AI score, 0.00452 EPSS
Exploits 1, References 2
Snyk
added 2026/04/13 12:0 a.m., 6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the readelf process. An attacker can cause the process to become unresponsive or crash by enticing a user to execute it on a specially crafted ELF file, resulting in resource exhaustion or a segmentation...

6.8 CVSS, 5.6 AI score, 0.00104 EPSS
Exploits 0, References 2
Snyk
added 2026/04/13 12:0 a.m., 8 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the readelf process. An attacker can cause the application to crash or exhaust system resources by convincing a user to process a specially crafted ELF file. Workaround This vulnerability can be mitigated by...

5.1 CVSS, 5.5 AI score, 0.00126 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 7:7 p.m., 9 views

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound via the MakerNote decoding process for Fuji and Olympus cameras. An attacker can cause a crash or leak information by providing specially crafted image files. Remediation Upgrade libexif to version...

7.1 CVSS, 5.3 AI score, 0.0014 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 7:7 p.m., 4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the Nikon MakerNote handling process. An attacker can cause crashes or leak information by triggering an unsigned 32-bit integer overflow. This is only exploitable if the system is 32-bit. Remediation...

7.1 CVSS, 5.4 AI score, 0.00094 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 2:7 p.m., 4 views

SQL Injection

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the rowid parameter in the admin/dict.php process. An attacker can access sensitive database information and partially modify data by...

9.1 CVSS, 6 AI score, 0.00311 EPSS
Exploits 1, References 2
Snyk
added 2026/04/12 11:0 a.m., 5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpelHelper.parseExpression function of the /warm-flow/save-json endpoint when handling the listenerPath, skipCondition, or permissionFlag arguments. An attacker can execute arbitrary code by supplying...

6.5 CVSS, 7 AI score, 0.00301 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 6:3 a.m., 4 views

Arbitrary Code Injection

Overview AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the installpluginupload function. An attacker can execute unauthorized code and potentially compromise the application by uploading a crafted file to the affected endpoint...

8.8 CVSS, 6.8 AI score, 0.00224 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 6:3 a.m., 8 views

Server-side Request Forgery (SSRF)

Overview AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the postdata.get function of the API Endpoint component. An attacker can access internal resources or perform unauthorized requests by sending crafted requests to...

7.7 CVSS, 6.6 AI score, 0.00257 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 6:2 a.m., 5 views

Arbitrary Code Injection

Overview AstrBot is an easy-to-use multi-platform LLM chatbot and development framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the addmcpserver function in the MCP Endpoint component when processing untrusted input in the command argument. An attacker can execute arbitrary system commands by...

8.8 CVSS, 6.8 AI score, 0.02304 EPSS
Exploits 0, References 2
Snyk
added 2026/04/12 3:30 a.m., 6 views

Server-side Request Forgery (SSRF)

Overview metagpt is the Multi-Agent Framework. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the decodeimage function in the file metagpt/utils/common.py when processing the imgurlorb64 argument. An attacker can access internal resources or perform...

6.5 CVSS, 6.2 AI score, 0.00263 EPSS
Exploits 1, References 2
Snyk
added 2026/04/12 3:30 a.m., 3 views

Cross-site Request Forgery (CSRF)

Overview metagpt is the Multi-Agent Framework. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the evaluateCode function in the Mineflayer HTTP API. An attacker can execute unauthorized actions by tricking a user into making unwanted requests. Remediation...

8.8 CVSS, 4.9 AI score, 0.00224 EPSS
Exploits 1, References 2
Snyk
added 2026/04/12 3:30 a.m., 8 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is the Multi-Agent Framework. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the generatethoughts function in the Tree-of-Thought Solver component. An attacker can execute...

9.8 CVSS, 7.8 AI score, 0.00409 EPSS
Exploits 1, References 2
Snyk
added 2026/04/11 3:30 a.m., 9 views

Command Injection

Overview aws-mcp is an AWS Model Context Protocol Server Affected versions of this package are vulnerable to Command Injection via improper validation of user-supplied input in the allowed commands process. An attacker can execute arbitrary system commands by supplying crafted input that is used ...

9.8 CVSS, 7.5 AI score, 0.01908 EPSS
Exploits 1, References 2
Snyk
added 2026/04/10 10:11 p.m., 4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8 CVSS, 6.3 AI score
Exploits 0, References 2
Snyk
added 2026/04/10 10:11 p.m., 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8 CVSS, 6.3 AI score
Exploits 0, References 2
Snyk
added 2026/04/10 10:11 p.m., 5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

9.8 CVSS, 6.3 AI score
Exploits 0, References 2

Total number of security vulnerabilities: 33544