Lucene search
+L

36127 matches found

Snyk
Snyk
added 2026/06/26 12:16 p.m.10 views

Malicious Package

Overview react-icon-svgs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:28 a.m.4 views

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Overview Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs 'XML Entity Expansion' through the processing of a deeply nested ASN.1 structure. An attacker can cause a stack overflow and disrupt service availability by sending specially...

7.1CVSS6AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:16 a.m.11 views

Malicious Package

Overview ai-node-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 11:16 a.m.10 views

Malicious Package

Overview ai-node-relay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 10:28 a.m.9 views

Malicious Package

Overview prism-silq is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 10:19 a.m.12 views

Malicious Package

Overview hexo-shoka-swiper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 10:12 a.m.10 views

Malicious Package

Overview hexo-deployer-wrangler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 9:40 a.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of text/vnd.mermaid output during the HTML export process. An attacker can execute arbitrary JavaScript in the context of a user's browser by convincing a user to view a maliciously...

5.4CVSS6.1AI score0.00134EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 9:14 a.m.7 views

Cleartext Transmission of Sensitive Information

Overview apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the FTPSHook.getconn process not invoking protp, resulting in the data channel being...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 9:14 a.m.5 views

Cleartext Transmission of Sensitive Information

Overview apache-airflow-providers-ftp is a Provider package apache-airflow-providers-ftp for Apache Airflow Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information. due to the FTPSHook.getconn process not invoking protp, resulting in the data channel...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:55 a.m.9 views

Malicious Package

Overview wao is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:22 a.m.8 views

Malicious Package

Overview vxui-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:17 a.m.9 views

Malicious Package

Overview tw-style-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:11 a.m.9 views

Malicious Package

Overview pump-laserstream-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:11 a.m.9 views

Malicious Package

Overview pino-zod is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:11 a.m.10 views

Malicious Package

Overview pump-stream-logger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:11 a.m.11 views

Malicious Package

Overview zod-pino is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:10 a.m.9 views

Malicious Package

Overview ttal2ttml is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:9 a.m.6 views

Malicious Package

Overview kdrive-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:5 a.m.21 views

Malicious Package

Overview analysis-chart is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:5 a.m.14 views

Malicious Package

Overview theme-color-picker is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 5:5 a.m.11 views

Malicious Package

Overview package-uploader is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 3:10 a.m.10 views

Malicious Package

Overview ref-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 3:10 a.m.11 views

Malicious Package

Overview ts-opus is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.7 views

DNS Rebinding

Overview Affected versions of this package are vulnerable to DNS Rebinding in dns.lookup lib/dns.js and lookupAndConnect lib/net.js, which forward a hostname containing an embedded NUL byte to the native resolver bindings where the C string is truncated at the first NUL. An attacker can cause an...

9.8CVSS6.8AI score0.00405EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.5 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor in the ProxyConfig constructor in lib/internal/http.js, which stores the full proxy URL including any embedded username and password and surfaces it in ERRPROXYTUNNEL err...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the node:http2 client's ORIGIN frame handling, which places no limit on the number of ORIGIN frames a server may send. An attacker operating a malicious or compromised HTTP/2 serve...

7.5CVSS6.7AI score0.00656EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in TLSSocket.prototype.setSession lib/internal/tls/wrap.js, which reuses a cached TLS session for a connection with a different servername without re-verifying the server's certificate against the new hos...

6.5CVSS6.4AI score0.00258EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.9 views

Improper Handling of Unicode Encoding

Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the checkServerIdentity function in lib/tls.js, which does not normalize an internationalized hostname to ASCII before matching it against certificate names. An attacker presenting a certificate...

7.7CVSS7.4AI score0.02486EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.20 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the WebCrypto cipher output length calculation in src/crypto/cryptoaes.cc, where datalen + blockSize + taglen is computed as a signed int before being passed to OpenSSL. An attacker can abort the proces...

8.7CVSS7.3AI score0.02806EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the Server.prototype.addContext method of lib/internal/tls/wrap.js, which builds the server name matching regular expression without the case-insensitive flag. An attacker can evade the TLS conte...

5.9CVSS6.5AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 2:8 a.m.6 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the futimes function of lib/internal/fs/promises.js, which backs FileHandle.utimes and performs no file system permission check. An attacker who can execute code in a process running under the Permission...

4.8CVSS6.6AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/26 1:51 a.m.9 views

Malicious Package

Overview wellnpm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 11:14 p.m.7 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the page editor process. An attacker can execute arbitrary scripts and potentially gain system access by injecting...

5.4CVSS5.9AI score0.00167EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 11:13 p.m.8 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the idlelib.pyshell.ModifiedInterpreter.runcode process. An attacker can execute arbitrary commands by...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the proxyCSSRewriter process. An attacker can cause the application to crash by triggering concurrent access to shared resources, resulting in a denial of service. Remediation Upgrade...

8.2CVSS5.8AI score0.00091EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the LinkCheck process due to incomplete validation of IPv6 transition mechanisms. An attacker can access internal network resources by submitting specially crafted requests that exploit the insufficie...

6.9CVSS5.8AI score0.00282EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Webhook URL handling process. An attacker can access internal network resources or sensitive endpoints by supplying a crafted URL. Remediation There is no fixed version for...

7.2CVSS5.8AI score0.00301EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the file processing mechanism. An attacker can write arbitrary files to the filesystem by exploiting a case-insensitive bypass and missing checks for HardLink/SymLink tags. Remediation There is no fixed version for...

7.1CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.8 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the file processing mechanism. An attacker can write arbitrary files to the filesystem by exploiting a case-insensitive bypass and missing checks for HardLink/SymLink tags. Remediation Upgrade...

7.1CVSS5.9AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the PATCH process for public shares. An attacker can access or modify files outside the intended shared directory by crafting malicious requests that exploit improper path validation. Details A Directory Traversa...

9.3CVSS6.4AI score0.00446EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the dump process when handling attacker-controlled message IDs via the --http interface. An attacker can write arbitrary files to the filesystem by supplying crafted message IDs that exploit path traversal...

6CVSS6.5AI score0.00032EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.16 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML processing component due to a missing IP-filter dialer. An attacker can access internal network resources by crafting malicious HTML content that triggers requests to private, loopback, or IM...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML processing component due to a missing IP-filter dialer. An attacker can access internal network resources by crafting malicious HTML content that triggers requests to private, loopback, or IM...

6.9CVSS5.8AI score0.00037EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the process handling Gateway resources when the konghq.com/gatewayclass-unmanaged: 'true' annotation is missing. An attacker can access TLS secrets from other namespaces by creating or modifying Gateway resources...

6.9CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.6 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the redirect parameter. An attacker can redirect users to arbitrary external sites by crafting a malicious URL. Remediation There is no fixed version for github.com/casdoor/casdoor/object. References - Go Advisory...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 10:34 p.m.7 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the authentication process when using Basic Auth with LDAP. An attacker can bypass intended authentication controls by supplying usernames with different letter casing, potentially gaining...

6.3CVSS5.8AI score0.00308EPSS
Exploits0References3
Total number of security vulnerabilities36127