Lucene search
+L

35986 matches found

snyk
snyk
added 2026/07/02 9:48 a.m.14 views

Malicious Package

Overview vitest-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/02 9:12 a.m.6 views

Missing Authorization

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace A...

8.8CVSS7.3AI score0.00348EPSS
Exploits1References2
snyk
snyk
added 2026/07/02 9:12 a.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace API endpoints. An authenticated attacker can bypass access controls by sending trace read, search, delete, update, linking, or assessment requests for experiments they do...

8.8CVSS7.2AI score0.00348EPSS
Exploits1References2
snyk
snyk
added 2026/07/02 8:13 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the FindServers process. An attacker can cause the server to allocate excessive memory by sending a FindServersRequest with an unbounded serverUris field, delivering a very large...

8.7CVSS6.2AI score0.00388EPSS
Exploits0References2
snyk
snyk
added 2026/07/02 7:33 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the parser when processing JSON input. An attacker can cause excessive CPU and memory consumption by submitting very large or deeply nested JSON...

8.7CVSS6AI score0.00366EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 11:15 p.m.6 views

Cross-site Scripting (XSS)

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamic image URL generator view within the admin interface. An attacker with a limited-permission editor account can execute arbitrary...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 11:15 p.m.8 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the chosen endpoint for Documents and Images, which incorrectly lists items for which the user has not...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 11:15 p.m.3 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the simpletranslation process. An attacker can access and create translations for pages without the...

5.3CVSS6AI score0.00162EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 11:14 p.m.6 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the preview view in wagtail/images/views/images.py. An attacker can preview images they do not have...

6.5CVSS6AI score0.00201EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 11:12 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the previewrequest, imageid, filterspec view in wagtail/images/views/images.py. An authenticated admin can...

5.1CVSS5.8AI score0.0022EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:17 p.m.9 views

Prototype Pollution

Overview jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Prototype Pollution via the ConfigMerge and ConfigProto helpers in the configuration code. An attacker can mutate Object.prototype by supplying user-controlled...

6.5CVSS6.5AI score0.00273EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:17 p.m.7 views

Prototype Pollution

Overview org.webjars.npm:jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Prototype Pollution via the ConfigMerge and ConfigProto helpers in the configuration code. An attacker can mutate Object.prototype by supplying...

6.5CVSS6.5AI score0.00273EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:12 p.m.7 views

Cross-site Scripting (XSS)

Overview jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeHTML sanitizer in src/core/helpers/html/safe-html.ts and the clean-html plugin’s value-set/on-change sanitization paths. An...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:12 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeHTML sanitizer in src/core/helpers/html/safe-html.ts and the clean-html plugin’s value-set/on-change...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:12 p.m.5 views

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. Details Cross-si...

5.4CVSS5.7AI score0.00263EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 10:9 p.m.8 views

Open Redirect

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Open Redirect via the MCP SSE process. An attacker can access sensitive information by leveraging redirects that forward Authorization headers to unintended recipients. This is only...

7.1CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/07/01 10:2 p.m.4 views

Server-side Request Forgery (SSRF)

Overview @apify/actors-mcp-server is an Apify MCP Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webServerMcpPath field in the Actor definition, which is concatenated with a trusted base URL without proper validation. An attacker can cause...

8.6CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:59 p.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:59 p.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:59 p.m.7 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:59 p.m.7 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:58 p.m.4 views

Use of Cache Containing Sensitive Information

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the handling of the x-ghost-preview header when the application is deployed behind a shared caching layer. An attacker can inject malicious content into...

9.6CVSS6AI score0.00244EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:56 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:56 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:56 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:54 p.m.8 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Authorization header being forwarded during HTTP redirects or blob upload Location responses across registry origins. An attacker can obtain registry credentials intended for one origin by...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:54 p.m.6 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Authorization header being forwarded during HTTP redirects or blob upload Location responses across registry origins. An attacker can obtain registry credentials intended for one origin by...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:51 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:51 p.m.6 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:48 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6AI score
Exploits0References3
snyk
snyk
added 2026/07/01 9:48 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
snyk
snyk
added 2026/07/01 9:48 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
snyk
snyk
added 2026/07/01 9:43 p.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:43 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...

6.9CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:35 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the blobStore.completePushAfterInitialPost process. An attacker can obtain sensitive credentials by manipulating the Location header to redirect requests to an attacker-controlled endpoint, causing t...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:35 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the blobStore.completePushAfterInitialPost process. An attacker can obtain sensitive credentials by manipulating the Location header to redirect requests to an attacker-controlled endpoint, causing t...

8.7CVSS6AI score
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Directory Traversal

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Directory Traversal via the preprocess method in the FileExplorer component. An attacker can read arbitrary files outside the configured rootdir by...

8.7CVSS6.5AI score0.0069EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the connected-components when invalid arguments are provided. An attacker can cause the application to enter an infinite loop by supplying specially crafted input. Remediation A fi...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package ar...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 9:19 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.1CVSS6AI score0.0009EPSS
Exploits0References2
Total number of security vulnerabilities35986