Lucene search
+L

36127 matches found

Snyk
Snyk
added 2026/06/25 4:53 p.m.5 views

Insecure Temporary File

Overview @anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you. Affected versions of this package are vulnerable to Insecure Temporary File via the...

6.1CVSS6AI score0.00149EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 4:42 p.m.3 views

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the handling of configDependencies from pnpm-workspace.yaml, where installDeps.ts resolves and spawns a repository-selected native install engine without verifying that the repository is authorized to...

8.8CVSS6AI score0.00127EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/25 4:30 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the SNS callback process. An attacker can trigger class loading and object construction with attacker-controlled data by sending specially crafted SNS callbacks after the in-memory dispatcher entry f...

7.7CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:59 p.m.3 views

Insufficient Session Expiration

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Session Expiration via the Registration Access Token process. An attacker can gain unauthorized...

6.9CVSS6AI score0.00267EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:58 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the addChild endpoint in the Admin REST API when...

7.7CVSS6AI score0.00288EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:58 p.m.4 views

Cross-site Scripting (XSS)

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the client URI validation process. An attacker can execute arbitrary scripts in...

8.5CVSS5.9AI score0.00419EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:58 p.m.3 views

Directory Traversal

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Directory Traversal via the keystore parameter when creating a key provider component. An attacker can...

6.9CVSS6.5AI score0.00519EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:58 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the keystore parameter when creating a key provider component. An attacker can determine the existence and readability of files on the server by submitting crafted filesystem paths. This is only exploitable if th...

6.9CVSS6.6AI score0.00519EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:18 p.m.6 views

Cross-site Scripting (XSS)

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email address field on the ticket confirmation page. An attacker can execute arbitrary scripts in the context of a user's browser by injecting...

7.1CVSS5.9AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:17 p.m.7 views

Cross-site Scripting (XSS)

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Cross-site Scripting XSS via the layout specification process of PDF ticket or badge layouts. An attacker can execute arbitrary JavaScript in the browser context of another backend...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:17 p.m.5 views

Cross-site Scripting (XSS)

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Cross-site Scripting XSS via the redirection process. An attacker can inject malicious HTML content into the page displayed during redirection to an untrusted destination, potential...

5.5CVSS5.6AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:17 p.m.5 views

Cross-site Scripting (XSS)

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PDF rendering process. An attacker can cause the server to make arbitrary HTTP requests and potentially leak internal network information by injecti...

5.5CVSS5.8AI score0.00308EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:16 a.m.5 views

Authentication Bypass by Alternate Name

Overview org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name in the shiro-guice module when...

8.2CVSS6AI score0.00422EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:16 a.m.7 views

Authentication Bypass by Alternate Name

Overview Affected versions of this package are vulnerable to Authentication Bypass by Alternate Name in the shiro-guice module when deployed in a web servlet context. An attacker can gain unauthorized access by sending specially crafted HTTP requests. Remediation Upgrade...

8.2CVSS6AI score0.00422EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:16 a.m.5 views

Replay Attack

Overview Affected versions of this package are vulnerable to Replay Attack due to the server not verifying the expiration of the RememberMe cookie. An attacker can maintain unauthorized access by intercepting and reusing a valid cookie beyond its intended expiration. This is only exploitable if t...

3CVSS6AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:16 a.m.4 views

Replay Attack

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Replay Attack due to the server not verifying the expiration of the...

3CVSS6AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 10:16 a.m.3 views

Replay Attack

Overview org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Replay Attack due to the server not verifying the expiration of the...

3CVSS6AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:22 a.m.4 views

Inefficient Algorithmic Complexity

Overview shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the parseInternal function of parse.js, where parse finalizes the token list with Array.prototype.concat inside a reduce, copying the...

8.7CVSS5.9AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:22 a.m.4 views

Inefficient Algorithmic Complexity

Overview org.webjars.npm:shell-quote is a package used to quote and parse shell commands. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the parseInternal function of parse.js, where parse finalizes the token list with Array.prototype.concat inside a...

8.7CVSS5.9AI score0.0036EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview org.jenkins-ci.plugins:github-branch-source is a multibranch projects and organization folders from GitHub. Maintained by CloudBees, Inc. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via a missing permissio...

5.3CVSS5.8AI score0.00216EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.4 views

Credential Exposure

Overview org.jenkins-ci.plugins:fitnesse is a Jenkins fitnesse plugin. Affected versions of this package are vulnerable to Credential Exposure due to a job in that store passwords unencrypted. These passwords can be viewed by users with Item/Extended Read permission or access to the Jenkins...

5.3CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.8 views

LDAP Injection

Overview Affected versions of this package are vulnerable to LDAP Injection via the Windows native ADSI authentication path, does not escape the user name before building the LDAP search filter. This allows unauthenticated attackers to inject LDAP wildcard characters into the user name, enabling...

6.3CVSS6AI score0.00224EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.6 views

Command Injection

Overview org.jenkins-ci.plugins:git-client is a Jenkins git client plugin. Affected versions of this package are vulnerable to Command Injection via improper neutralization of workspace directory names in the SSH wrapper script generated by the "Manually provided keys" Git Host Key Verification...

5CVSS6AI score0.00207EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to not performing permission checks in several HTTP endpoints that used to validate cloud configurations. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using...

5.4CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.7 views

Unsafe Dependency Resolution

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via Groovy AST transformation annotations during...

8.5CVSS6.2AI score0.00594EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:7 a.m.7 views

Improper Control of Dynamically-Managed Code Resources

Overview org.jenkins-ci.plugins:script-security is a package that allows Jenkins administrators to control what in-process scripts can be run by less-privileged users. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via incomplete sandbox...

8.8CVSS5.8AI score0.00372EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 6:2 a.m.9 views

Malicious Package

Overview pathfix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:49 a.m.10 views

Malicious Package

Overview easy-time-format is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:49 a.m.6 views

Malicious Package

Overview easy-time666 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:46 a.m.16 views

Malicious Package

Overview ccl-component-resources is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:38 a.m.8 views

Malicious Package

Overview build-tracker-n5p1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:38 a.m.7 views

Malicious Package

Overview event-metrics-q3x7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 5:16 a.m.6 views

Malicious Package

Overview boardflow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 4:29 a.m.5 views

Malicious Package

Overview block-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 4:29 a.m.7 views

Malicious Package

Overview ts-grok is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:41 a.m.8 views

Malicious Package

Overview axl-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:41 a.m.7 views

Malicious Package

Overview loadninja-shared is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 3:15 a.m.9 views

Malicious Package

Overview nolimit-x is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.6 views

Malicious Package

Overview atlassian-forge-skills is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.9 views

Malicious Package

Overview signup-embedder is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.7 views

Malicious Package

Overview poc-publish-test-su-doughnym is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.6 views

Malicious Package

Overview @su-doughnym/react-dlb is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.8 views

Malicious Package

Overview @su-doughnym/metrics-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.6 views

Malicious Package

Overview @su-doughnym/loginui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.8 views

Malicious Package

Overview nabisco is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.5 views

Malicious Package

Overview @su-doughnym/hubspot-loginui-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.8 views

Malicious Package

Overview two-factor-prompt-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.6 views

Malicious Package

Overview hs-locale-management is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:16 a.m.9 views

Malicious Package

Overview data-fetching-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/25 2:12 a.m.8 views

Malicious Package

Overview @helpcentre/tesco-help is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities36127