Lucene search
+L

36119 matches found

Snyk
Snyk
added 2026/06/29 4:38 p.m.5 views

Malicious Package

Overview @flipbit2-bb/scope-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:36 p.m.9 views

Malicious Package

Overview http-uploader-dev is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:33 p.m.4 views

Malicious Package

Overview clx-cookie-signature is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:33 p.m.7 views

Malicious Package

Overview tailwind-form is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:33 p.m.6 views

Malicious Package

Overview clx-cookieparser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.8 views

Malicious Package

Overview node-denv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.9 views

Malicious Package

Overview chain-chai-test is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.10 views

Malicious Package

Overview react-pinojs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.7 views

Malicious Package

Overview react-json-chalk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.10 views

Malicious Package

Overview stackus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 4:32 p.m.8 views

Malicious Package

Overview bundrix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:23 p.m.10 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:23 p.m.9 views

Interpretation Conflict

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:21 p.m.9 views

Symlink Attack

Overview libattr is a None Affected versions of this package are vulnerable to Symlink Attack. via the getfattr or setfattr process. An attacker can gain elevated privileges by substituting a symbolic link for a pathname component during directory traversal, causing operations to be redirected to...

8.4CVSS5.9AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:18 p.m.14 views

Malicious Package

Overview quirky-token is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:11 p.m.8 views

Malicious Package

Overview swift-parse-stream is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:6 p.m.15 views

Malicious Package

Overview path-internal-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:4 p.m.5 views

Symlink Attack

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Symlink Attack in the handling ...

8.8CVSS6.3AI score0.00765EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:0 p.m.9 views

Malicious Package

Overview auth-state-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:0 p.m.5 views

Malicious Package

Overview authmatrix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:0 p.m.6 views

Malicious Package

Overview ssr-auth-sync is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:0 p.m.7 views

Malicious Package

Overview authsessionbridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 1:21 p.m.4 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow in the xmlcatalog process when operating in shell mode. An attacker can cause memory corruption, application crash, or execute arbitrary code by supplying an excessively long input line. Remediation A fix was pushed into...

7.8CVSS6.1AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 1:0 p.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview acl is a None Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition. in the getfacl or setfacl process. An attacker can gain unauthorized access to files or escalate privileges by exploiting a race condition where a symbolic link replaces a...

7.2CVSS5.8AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 1:0 p.m.10 views

Symlink Attack

Overview acl is a None Affected versions of this package are vulnerable to Symlink Attack. via the libacl functions. An attacker can gain unauthorized access to or modify access control lists by replacing a pathname component with a symbolic link, redirecting ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/29 11:50 a.m.7 views

Cross-site Scripting (XSS)

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the DBPost model without...

9.6CVSS7AI score0.00405EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/29 11:50 a.m.4 views

Arbitrary Code Injection

Overview mesop is a Build UIs in Python Affected versions of this package are vulnerable to Arbitrary Code Injection due to an explicit web endpoint inside the ai/ testing module infrastructure directly ingests untrusted Python code strings unconditionally without authentication measures, yieldin...

9.8CVSS6.1AI score0.05289EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 11:50 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview frigate is an A tool for autogenerating helm documentation. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to...

6.9CVSS6AI score0.00767EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/29 10:49 a.m.9 views

Malicious Package

Overview vkzmn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:33 a.m.7 views

Malicious Package

Overview hunsterx-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:33 a.m.11 views

Malicious Package

Overview velocityfix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:31 a.m.10 views

Malicious Package

Overview unsafe-malicious-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:18 a.m.9 views

Malicious Package

Overview polymarket-clob-math is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:18 a.m.3 views

Malicious Package

Overview ts-einkle-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:18 a.m.9 views

Malicious Package

Overview ts-einkle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:18 a.m.7 views

Malicious Package

Overview ts-ankle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:16 a.m.5 views

Malicious Package

Overview gx-npm-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:16 a.m.7 views

Malicious Package

Overview gx-npm-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 3:16 a.m.5 views

Malicious Package

Overview gx-npm-feature-flags is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:52 a.m.7 views

Malicious Package

Overview @vpms/design-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:21 a.m.9 views

Malicious Package

Overview @epsteinlovekids483/crossmint-wallets-sdk-pentest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/29 2:21 a.m.7 views

Malicious Package

Overview crossmint-wallets-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:18 p.m.8 views

Insufficient Verification of Data Authenticity

Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the strtouint64 function. An attacker can compromise data integrity and confidentiality by submitting crafted ID arguments that bypass...

5CVSS6.1AI score0.00138EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:16 p.m.7 views

Incorrect Authorization

Overview khoj is a Your Second Brain Affected versions of this package are vulnerable to Incorrect Authorization in the Conversation Sharing Handler when processing the conversation.agent argument. An attacker can gain unauthorized access to conversation data or perform actions with insufficient...

6.5CVSS6.2AI score0.00165EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:16 p.m.4 views

Improper Authorization

Overview @voltagent/serverless-hono is a Serverless fetch-based runtime provider for VoltAgent using Hono Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data b...

3.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:16 p.m.3 views

Improper Authorization

Overview @voltagent/server-hono is a Hono server implementation for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...

3.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:16 p.m.2 views

Improper Authorization

Overview @voltagent/server-elysia is an Elysia server implementation for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...

3.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 11:16 p.m.4 views

Improper Authorization

Overview @voltagent/server-core is a Framework-agnostic server core for VoltAgent Affected versions of this package are vulnerable to Improper Authorization via the handleGetMemoryConversation function. An attacker can gain unauthorized access to memory conversation data by manipulating the...

3.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 7:36 p.m.8 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the decodedlta function. An attacker can cause memory corruption, potentially leading to information disclosure, data modification, or application crash by supplying a crafted media stream containing a malicious...

8.8CVSS5.8AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/28 7:36 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the processing of a 32-bit attribute count received from a remote server in the publickey subsystem. An attacker can cause a heap buffer overflow by sending a specially crafted response that trigge...

8.3CVSS6.4AI score0.00333EPSS
Exploits0References2
Total number of security vulnerabilities36119