Lucene search
+L

36053 matches found

Snyk
Snyk
added 2026/07/02 3:26 p.m.5 views

Missing Authentication for Critical Function

Overview mcp-memory-service is an Open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost. Affected versions of this package are vulnerable to Missing Authentication for Critical Function ...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 2:56 p.m.10 views

Malicious Package

Overview animatecss-postcss-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 2:55 p.m.13 views

Malicious Package

Overview tailwind-animates is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.5 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation...

6.9CVSS6AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:50 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the BalancerForward process. An attacker can manipulate upstream IP-based logic, such as rate limiting, access control, and audit logging, by injecting a spoofed X-Real-IP header value in requests. Remediation The...

6.9CVSS6AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00517EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.6 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation There is no fixed...

6.9CVSS6AI score0.00517EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:46 p.m.4 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the Authorizer function. An attacker can determine valid usernames by measuring the response time difference between valid and invalid usernames during authentication attempts. Remediation Upgrade...

6.9CVSS6AI score0.00517EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 1:17 p.m.12 views

Malicious Package

Overview cache-section-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:17 p.m.9 views

Malicious Package

Overview db-plog is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:17 p.m.10 views

Malicious Package

Overview db-connector-log is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:17 p.m.12 views

Malicious Package

Overview db-convertor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:7 p.m.15 views

Malicious Package

Overview tailwind-typography-stylecss is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 1:2 p.m.7 views

Malicious Package

Overview @modhamanish/rn-mm-template is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 12:20 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GetEndpoints process. An attacker can cause the server to allocate excessive memory by sending a GetEndpointsRequest with an extremely large endpointUrl field, delivered in...

7.5CVSS6AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 9:48 a.m.14 views

Malicious Package

Overview vitest-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/02 9:12 a.m.8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace API endpoints. An authenticated attacker can bypass access controls by sending trace read, search, delete, update, linking, or assessment requests for experiments they do...

8.8CVSS7.2AI score0.00348EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 9:12 a.m.6 views

Missing Authorization

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authorization via the beforerequest handler in the trace A...

8.8CVSS7.3AI score0.00348EPSS
Exploits1References2
Snyk
Snyk
added 2026/07/02 8:13 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the FindServers process. An attacker can cause the server to allocate excessive memory by sending a FindServersRequest with an unbounded serverUris field, delivering a very large...

8.7CVSS6.2AI score0.00388EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/02 7:33 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the parser when processing JSON input. An attacker can cause excessive CPU and memory consumption by submitting very large or deeply nested JSON...

8.7CVSS6AI score0.00366EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 11:15 p.m.6 views

Cross-site Scripting (XSS)

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamic image URL generator view within the admin interface. An attacker with a limited-permission editor account can execute arbitrary...

8.5CVSS5.8AI score0.00203EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 11:15 p.m.3 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the simpletranslation process. An attacker can access and create translations for pages without the...

5.3CVSS6AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 11:15 p.m.8 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the chosen endpoint for Documents and Images, which incorrectly lists items for which the user has not...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 11:14 p.m.6 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the preview view in wagtail/images/views/images.py. An attacker can preview images they do not have...

6.5CVSS6AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 11:12 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the previewrequest, imageid, filterspec view in wagtail/images/views/images.py. An authenticated admin can...

5.1CVSS5.8AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:17 p.m.9 views

Prototype Pollution

Overview jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Prototype Pollution via the ConfigMerge and ConfigProto helpers in the configuration code. An attacker can mutate Object.prototype by supplying user-controlled...

6.5CVSS6.5AI score0.00273EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:17 p.m.7 views

Prototype Pollution

Overview org.webjars.npm:jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Prototype Pollution via the ConfigMerge and ConfigProto helpers in the configuration code. An attacker can mutate Object.prototype by supplying...

6.5CVSS6.5AI score0.00273EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:12 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeHTML sanitizer in src/core/helpers/html/safe-html.ts and the clean-html plugin’s value-set/on-change...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:12 p.m.7 views

Cross-site Scripting (XSS)

Overview jodit is a Jodit is awesome and usefully wysiwyg editor with filebrowser Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeHTML sanitizer in src/core/helpers/html/safe-html.ts and the clean-html plugin’s value-set/on-change sanitization paths. An...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:12 p.m.5 views

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. Details Cross-si...

5.4CVSS5.7AI score0.00263EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 10:9 p.m.8 views

Open Redirect

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Open Redirect via the MCP SSE process. An attacker can access sensitive information by leveraging redirects that forward Authorization headers to unintended recipients. This is only...

7.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 10:2 p.m.4 views

Server-side Request Forgery (SSRF)

Overview @apify/actors-mcp-server is an Apify MCP Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webServerMcpPath field in the Actor definition, which is concatenated with a trusted base URL without proper validation. An attacker can cause...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:59 p.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:59 p.m.7 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:59 p.m.7 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:59 p.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the ShareHandler process. An attacker can bypass intended download limits by making concurrent requests with the same share token, allowing multiple unauthorized downloads beyond the configured cap. Remediation...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:58 p.m.4 views

Use of Cache Containing Sensitive Information

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the handling of the x-ghost-preview header when the application is deployed behind a shared caching layer. An attacker can inject malicious content into...

9.6CVSS6AI score0.00244EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:56 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:56 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:56 p.m.3 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper enforcement of mode-restriction flags in the WebDAV handler. An attacker can gain unauthorized access to modify, delete, or retrieve files by sending crafted WebDAV requests to the affected service...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:54 p.m.6 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Authorization header being forwarded during HTTP redirects or blob upload Location responses across registry origins. An attacker can obtain registry credentials intended for one origin by...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:54 p.m.8 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via the Authorization header being forwarded during HTTP redirects or blob upload Location responses across registry origins. An attacker can obtain registry credentials intended for one origin by...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:51 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:51 p.m.6 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' in the TlsServerEndpoint process when a server presents an X.509 certificate using a modern signature algorithm lacking traditional naming structures. An attacker can bypass strict client-side...

8.2CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:48 p.m.4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:48 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:48 p.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack through improper validation of hardlink targets during tar extraction. An attacker can access or modify files outside the intended extraction directory by crafting a malicious tarball with a hardlink entry whose target is...

7.1CVSS6.1AI score
Exploits0References3
Snyk
Snyk
added 2026/07/01 9:43 p.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...

6.9CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:43 p.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the pushFile process when symlink traversal is possible within the working directory. An attacker can write files outside the intended directory boundary by supplying a crafted blob title th...

6.9CVSS6AI score
Exploits0References2
Total number of security vulnerabilities36053