Lucene search
+L

36451 matches found

Snyk
Snyk
added 2026/07/08 6:47 p.m.19 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...

8.3CVSS6.5AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:47 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such ...

9.2CVSS6.1AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:47 p.m.5 views

Directory Traversal

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Directory Traversal via the githubworkflows process. An attacker can write files outside the intended output directory by supplying a crafted CODEREPOSITORY URL containing directory traversal...

3.1CVSS6.5AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Symlink Attack

Overview bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Symlink Attack in the unarchive process when extracting zip or 7z archives containing symlink entries with a DOS-attribute prefix before the unix mode, as produced by legacy versions of p7zip. An...

3.1CVSS6.2AI score0.00291EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the omapTag.addItem function of src/tag/sequence/omap.ts, which performs a linear scan for duplicate keys on every insertion into an ordered...

7.5CVSS6.5AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Prototype Pollution

Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Prototype Pollution leading to cross-site scripting in the Series Chart operation and the objToTable function in...

5CVSS6.5AI score0.00094EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.9 views

Server-side Request Forgery (SSRF)

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the processRemoteRepo path in POST /api/pack and its repository URL handling before git clone. An attacker can...

9.3CVSS6.2AI score0.00324EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.10 views

Infinite loop

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Infinite loop in the option parsing. An attacker can cause the application to enter an infinite loop by submitting a crafted .proto schema that opens an option declaration and...

8.7CVSS6.2AI score0.0037EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setListBounds function in src/List.js when handling an index or size in the range 2 30 to 2 31. An attacker can cause an empty list to enter an uncatchable infinite loop, trigger unbounded memory...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the setListBounds function in src/List.js when handling an index or size in the range 2 30 to 2 31. An attacker can cause an empty list to enter an uncatchable infinite loop, trigger unbounded memory...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Incorrect Type Conversion or Cast

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast via the src/pax.ts file. An attacker can cause a process crash by providing all-digit PAX path or linkpath values that are coerced to JavaScript numbers, leading ...

7.5CVSS6.1AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Cross-site Scripting (XSS)

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Cross-site Scripting XSS via the cx class-name handling in src/helper/css/index.ts. An attacker can inject arbitrary HTML into rendered JSX by supplying a malicious class string to cx...

6.1CVSS6.2AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HashCollisionNode class in Immutable.Map and Immutable.Set. An attacker can cause excessive CPU consumption by supplying a large number of keys with identical 32-bit hashes, leading to degraded...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Use of Less Trusted Source

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Use of Less Trusted Source through the getHeaders processing in the AWS API Gateway v1 EventV1Processor and the Lattice LatticeV2Processor. An attacker can cause a repeated header value t...

6.3CVSS6.1AI score0.00126EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.9 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the HashCollisionNode class in Immutable.Map and Immutable.Set. An attacker can cause excessive CPU consumption by supplying a large number of keys with identical 32-bit hashes, leading to degraded...

8.7CVSS6.1AI score0.0037EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the parsing process in formatting.py when handling long sequences of , ==, or ^^ markers. An attacker can cause excessive CPU consumption by submitting specially crafted input containing long...

8.7CVSS6.1AI score0.00366EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.5 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the CookieJar process. An attacker can access or manipulate cookies belonging to other hosts by exploiting improper domain matching for IP-address or bare-numeric domains. Remediation Upgrade guzzlehttp/guzzl...

6.1CVSS6.1AI score0.00115EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the mailto: validator scan-loop on attacker-supplied text. An attacker can cause excessive CPU consumption by...

8.7CVSS6.1AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Inefficient Algorithmic Complexity

Overview linkify-it is a Links recognition library with FULL unicode support Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the mailto: validator scan-loop on attacker-supplied text. An attacker can cause excessive CPU consumption by submitting specially...

8.7CVSS6.1AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.4 views

Uncaught Exception

Overview @opentelemetry/propagator-jaeger is an OpenTelemetry Jaeger propagator provides HTTP header propagation for systems that are using Jaeger HTTP header format. Affected versions of this package are vulnerable to Uncaught Exception via the JaegerPropagator class when handling incoming HTTP...

8.7CVSS6.1AI score0.00436EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the renderadmonition function. An attacker can execute arbitrary scripts in the context of the user by injecting malicious content into the :class: option of the Admonition directive, which is not properly...

6.1CVSS6.2AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl process. An attacker can inject malicious URLs into rendered href and src attributes by crafting links that use legacy or chained schemes, potentially leading to script execution in affected user...

6.1CVSS6.1AI score0.00198EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.8 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...

5.3CVSS6.1AI score0.00128EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the inlineparser process. An attacker can cause excessive resource consumption by submitting input containing long sequences of double-asterisk or triple-asterisk emphasis pairs, leading to...

8.7CVSS6.1AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...

6.9CVSS6.1AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.9 views

Use of Non-Canonical URL Paths for Authorization Decisions

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Use of Non-Canonical URL Paths for Authorization Decisions in validateAndDecodePathname and rewrite routing in findRouteToRewrite. An...

8.8CVSS6AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl function. An attacker can execute arbitrary scripts in the rendered HTML by supplying specially crafted percent-encoded javascript URIs in Markdown links or images. Details Cross-site scripting o...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.5 views

Inefficient Algorithmic Complexity

Overview Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the blockparser process. An attacker can cause excessive CPU consumption by submitting specially crafted Markdown documents containing numerous repeated or distinct reference-link definitions...

8.7CVSS6.1AI score0.00366EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.6 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the include process. An attacker can cause the application to crash by creating two markdown files that recursively include each other, leading to unbounded recursion and a RecursionError. Remediation...

6.9CVSS6.1AI score0.00307EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.9 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the HordeVfsSmb process. An attacker can execute arbitrary operating system commands by supplying specially crafted filenames containing command substitution payloads, which are processed in a shell context during...

8.8CVSS6.3AI score0.01803EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.8 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the sqlite3changesetapplyv3 function when processing a malformed changeset blob. An attacker can cause the application to crash by supplying a specially crafted changeset that leads to a NULL pointer...

8.7CVSS6AI score0.00112EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.5 views

Infinite loop

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Infinite loop via the replace method. An attacker can cause the archive scanner to enter an infinite loop by providing a tar header with a negative base-256 encoded entry size. Remediation Upgrade...

8.7CVSS6.1AI score0.00358EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the changegroup process. An attacker can access sensitive information by merging crafted changesets through local interaction. Remediation A fix was pushed into the master branch but not yet published. References ...

6.9CVSS6.1AI score0.00111EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.7 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs through workspace dotenv loading in the gateway's provider credential resolution path. An attacker can supply a workspace .env file or controlled path...

8.4CVSS6.1AI score0.00192EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.6 views

Improper Resource Shutdown or Release

Overview engine.io is a realtime engine behind Socket.IO. It provides the foundation of a bidirectional connection between client and server Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the polling request handler in Polling transport processin...

8.7CVSS6.2AI score0.00354EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.9 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict via the assertValidHost function. An attacker can cause security or routing decisions to be made based on a mismatched host by crafting a URI with authority delimiters, embedded ports, or malformed IPv6 brackets...

6.5CVSS6.1AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:45 p.m.9 views

Race Condition

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Race Condition through server-side rendering context handling in createContext and useContext. An attacker can read another in-flight request’s provided value by causing an async componen...

8.3CVSS6.2AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:44 p.m.5 views

Memory Allocation with Excessive Size Value

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the image parsing process. An attacker can cause excessive memory consumption by...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:44 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Include.parse process. An attacker can access arbitrary files outside the intended markdown directory by supplying crafted include paths when markdown files are processed using md.read. Details A Directory...

8.2CVSS6.5AI score0.0034EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 6:44 p.m.9 views

Excessive Iteration

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Excessive Iteration via the processing of repeated malformed cross-reference streams. An attacker can cause excessive resource...

7.5CVSS6.1AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 5:14 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the push/pull state-handling process. An attacker can cause memory exhaustion and terminate the process by sending crafted network traffic to the gossip listener. This is only...

7.5CVSS6AI score0.00251EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.6 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS n the credential management flow, where the Authorization URL field of an OAuth2 credential accepts a javascript: URL that is not sanitized before being wired to the OAuth...

5.4CVSS6.1AI score0.00141EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.7 views

Incorrect Authorization

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Incorrect Authorization in the evaluations test run creation endpoint POST /workflows/workflowId/test-runs/new, which authorizes against the workflow:read scope instead of workflow:execute. A user...

7.4CVSS6.1AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.9 views

SQL Injection

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to SQL Injection in the MySQL v1 node's executeQuery operation, which interpolates evaluated ... expression values directly into raw SQL strings without parameterization. An attacker can execute...

8.8CVSS6.3AI score0.00314EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the getAuthorizedSpaces function of the gitspaces endpoint. An attacker can gain unauthorized access to information by sending crafted requests to the affected API endpoint. Remediatio...

5.3CVSS6.1AI score0.00396EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.7 views

Arbitrary Command Injection

Overview openllm is an OpenLLM: Self-hosting LLMs Made Easy. Affected versions of this package are vulnerable to Arbitrary Command Injection via the asyncruncommand function in the Model Repository Directory Name Handler process. An attacker can execute arbitrary system commands by manipulating t...

7.8CVSS6.4AI score0.01338EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/08 4:39 p.m.6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via unsanitized data source input in the process. An attacker can execute arbitrary SQL commands and gain unauthorized access to sensitive data or create accounts with attacker-controlled credentials by influencing a...

8.8CVSS6.3AI score0.00371EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview github.com/dgraph-io/dgraph/edgraph is a Dgraph is a horizontally scalable and distributed GraphQL database with a graph backend. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 4:38 p.m.5 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of authentication or authorization on the public gRPC port :9080 for the external snapshot import process. An attacker can overwrite and replace the database contents by sendi...

9.1CVSS6.1AI score0.00388EPSS
Exploits0References2
Total number of security vulnerabilities36451