Lucene search
+L

36119 matches found

Snyk
Snyk
•added 2026/06/28 7:36 p.m.•6 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the cleanup process of the publickey list when a parse failure occurs. An attacker can cause memory corruption or a denial of service by sending a malformed response from a malicious SSH server that...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:36 p.m.•6 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the handling of HTTP/1.1 Upgrade requests containing a Content-Length header and body on reusable keep-alive backend connections. An attacker can manipulate backend responses by crafting ambiguous HTTP messages...

6.3CVSS5.8AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:36 p.m.•15 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the extraction process. An attacker can bypass security warnings and spoof file content by crafting a RAR5 archive with specially named alternate data streams that overwrite the intended Internet-zone...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:36 p.m.•6 views

Use of Weak Hash

Overview skypilot is a SkyPilot: Run AI on Any Infra — Unified, Faster, Cheaper. Affected versions of this package are vulnerable to Use of Weak Hash in the username.encode function of the User ID Handler process. An attacker can compromise the integrity of user identification by exploiting the u...

6.3CVSS5.8AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:36 p.m.•6 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Grammar Action Block Handler process in OutputFile.java. An attacker can execute arbitrary code by providing crafted input to the affected component. Remediation There is no fixed version for...

7.5CVSS7.4AI score0.00311EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:34 p.m.•8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the GoTarget function in the gofmt component. An attacker can execute arbitrary system commands by manipulating input passed to this function from a local environment. Remediation There is no fixed versio...

5.3CVSS6.3AI score0.00678EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:34 p.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the getImportedVocabFile function in the tokenVocab Grammar Option Handler. An attacker can access arbitrary files on the system by supplying crafted input paths. Details A Directory Traversal attack also known a...

6.9CVSS6.7AI score0.0055EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 7:34 p.m.•9 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the readObject function of the Maven Plugin component. An attacker can manipulate the state between the time a check is performed and the time it is used by exploiting a race condition,...

4.5CVSS5.9AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
•added 2026/06/28 6:51 p.m.•9 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the Parser class. An attacker can cause a stack overflow or excessive memory consumption by supplying deeply nested CSS blocks or functions. Remediation Upgrade crass to version 1.0.7 or higher. References -...

6.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/28 6:51 p.m.•10 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in scanner.rb. An attacker can cause a stack overflow and crash the application by supplying CSS input containing numerous adjacent comments. Remediation Upgrade crass to version 1.0.7 or higher. References -...

6.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/28 6:51 p.m.•9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in tokenizer.rb process. An attacker can cause excessive CPU and memory consumption by submitting CSS strings with large numeric exponents. Remediation Upgrade crass to version 1.0.7 ...

8.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/28 6:51 p.m.•7 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion when failing to apply :preservecomments for a stylesheet containing a very large number of adjacent CSS comments. An attacker can cause a stack overflow and crash the application. Remediation Upgrade crass to...

6.3CVSS5.9AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/28 8:30 a.m.•6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the Experiment-scoped Label Schema CRUD API due to missing authorization checks. An attacker can gain unauthorized access or manipulate data by sending crafted requests to the affected...

8.8CVSS6AI score0.00263EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/28 8:30 a.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the...

8.8CVSS6.1AI score0.00263EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/27 9:0 p.m.•9 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-gitlab-backend is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/27 9:0 p.m.•8 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-gitlab is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package in a...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/27 9:0 p.m.•6 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-ldap-auth-backend is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/27 9:0 p.m.•12 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-ldap-auth is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package in a...

9.8CVSS6AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/27 12:13 a.m.•15 views

Directory Traversal

Overview @pnpm/installing.env-installer is an Installer for configurational dependencies Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names wi...

8.2CVSS6.5AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/27 12:13 a.m.•19 views

Directory Traversal

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names with traversal components in...

8.2CVSS6.5AI score0.00257EPSS
Exploits1References2
Snyk
Snyk
•added 2026/06/27 12:12 a.m.•9 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that resolves outside the configured patches directory...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:12 a.m.•10 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that...

7.1CVSS5.9AI score0.00257EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:2 a.m.•11 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules directory by crafting a...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:2 a.m.•9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-installer is a Fast, disk space efficient installation engine Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:2 a.m.•9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-restorer is a Fast installation using only pnpm-lock.yaml Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodul...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:2 a.m.•5 views

External Control of File Name or Path

Overview @pnpm/fs.symlink-dependency is a Symlink a dependency to nodemodules Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules director...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/27 12:2 a.m.•9 views

External Control of File Name or Path

Overview @pnpm/installing.deps-resolver is a Resolves dependency graph of a package Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodules...

7.1CVSS5.8AI score0.00262EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/26 11:55 p.m.•4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the listDDNS and listNotification handlers, which return full resource objects including plaintext third-party API credentials such as API tokens, secret keys, and webhook URLs witho...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 11:55 p.m.•14 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the listDDNS and listNotification handlers, which return full resource objects including plaintext third-party API credentials such as API tokens, secret keys, and webhook URLs witho...

6.9CVSS5.8AI score
Exploits0References2
Snyk
Snyk
•added 2026/06/26 11:54 p.m.•7 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path via the stage download process. An attacker can overwrite arbitrary files outside the intended directory by crafting a manifest with malicious...

7.1CVSS5.9AI score0.00267EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/26 11:54 p.m.•6 views

External Control of File Name or Path

Overview @pnpm/releasing.commands is a Commands for deploy, pack, and publish Affected versions of this package are vulnerable to External Control of File Name or Path via the stage download process. An attacker can overwrite arbitrary files outside the intended directory by crafting a manifest...

7.1CVSS5.9AI score0.00267EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/26 11:46 p.m.•8 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to External Control of File Name or Path through the handling of reserved or malformed bin names during global package operations. An attacker can cause deletion of critical directories...

7.1CVSS5.8AI score0.00286EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/26 11:46 p.m.•5 views

External Control of File Name or Path

Overview @pnpm/bins.resolver is a Returns bins of a package Affected versions of this package are vulnerable to External Control of File Name or Path through the handling of reserved or malformed bin names during global package operations. An attacker can cause deletion of critical directories...

7.1CVSS5.8AI score0.00286EPSS
Exploits1References3
Snyk
Snyk
•added 2026/06/26 11:33 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ServeDeletePlaylist and ServeGetPlaylist handlers, which fail to enforce per-resource authorization. An attacker can access or delete any user's playlist, including private or...

7.1CVSS6AI score0.00168EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:33 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the ServeDeletePlaylist and ServeGetPlaylist handlers, which fail to enforce per-resource authorization. An attacker can access or delete any user's playlist, including private or...

7.1CVSS6AI score0.00168EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:32 p.m.•7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in playlist operations. An attacker can access or delete other users' playlists, and probe for the existence of arbitrary files by supplying a crafted base64-encoded...

7.1CVSS6.1AI score0.00262EPSS
Exploits0References3
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•3 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•6 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•4 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:21 p.m.•6 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the ServeCreateOrUpdatePlaylist process. An attacker can overwrite or create arbitrary files on the host system by supplying a crafted playlist ID that resolves to an...

8.1CVSS6.1AI score0.00269EPSS
Exploits0References4
Snyk
Snyk
•added 2026/06/26 11:18 p.m.•6 views

Unsafe Dependency Resolution

Overview @pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References4
Snyk
Snyk
•added 2026/06/26 11:18 p.m.•8 views

Unsafe Dependency Resolution

Overview pnpm is a Fast, disk space efficient package manager Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during the build lifecycle by crafting a dependency source...

8.8CVSS5.9AI score0.00118EPSS
Exploits1References4
Snyk
Snyk
•added 2026/06/26 11:10 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Live Preview process. An attacker can submit unauthorized content and generate shareable preview URLs by leveraging insufficient permission checks. Remediation Upgrade statamic/cms to version 5.74.0, 6.20....

5.1CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities36119