Lucene search
+L

36127 matches found

Snyk
Snyk
added 2026/06/25 12:0 a.m.3 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the WriteToCachedFile function when handling network cache files in certain configurations. An attacker can overwrite specific host files and change their ownership by planting a symbolic lin...

4.2CVSS6.1AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/25 12:0 a.m.3 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the WriteToCachedFile function when handling network cache files in certain configurations. An attacker can overwrite specific host files and change their ownership by planting a symbolic lin...

4.2CVSS6.1AI score0.00107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 11:17 p.m.5 views

Deserialization of Untrusted Data

Overview composer is a Composer is a PyTorch library that enables you to train neural networks faster, at lower cost, and to higher accuracy. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing process of checkpoints. An attacker can execute...

8.5CVSS7.4AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 11:17 p.m.6 views

Directory Traversal

Overview chrome-devtools-mcp is a MCP server for Chrome DevTools Affected versions of this package are vulnerable to Directory Traversal through the validatePath function. An attacker can access or modify files outside the intended workspace boundaries by leveraging symlinks that point to locatio...

6.9CVSS6.5AI score0.00087EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/24 11:17 p.m.4 views

Improper Handling of Unexpected Data Type

Overview Affected versions of this package are vulnerable to Improper Handling of Unexpected Data Type via the Link::isAllowedUri function when processing Tiptap JSON containing an attrs.href field set to an array instead of a string. An attacker can cause persistent server-side crashes by...

7.1CVSS5.8AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:17 p.m.10 views

Incomplete Filtering of Special Elements

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 10:17 p.m.8 views

Incomplete Filtering of Special Elements

Overview org.webjars.npm:angular is a WebJar for angular. Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the $sceDelegate service's trustedResourceUrlList validation, where a regular expression intended to match the entire resource URL is only...

7.6CVSS5.8AI score0.00338EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/24 10:17 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the git diff process. An attacker can overwrite critical files and disrupt service availability by supplying crafted input that bypasses directory restrictions. Details A Directory Traversal attack also known as...

8.5CVSS6.5AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:17 p.m.4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the git diff process. An attacker can overwrite critical files and disrupt service availability by supplying crafted input that bypasses directory restrictions. Details A Directory Traversal attack also known as...

8.5CVSS6.6AI score0.0035EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API endpoints responsible for managing repository settings. An attacker can modify admin-only repository configurations, such as disabling the native issue tracker or wiki, injecting external tracker or...

7.1CVSS6AI score0.00478EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the API endpoints responsible for managing repository settings. An attacker can modify admin-only repository configurations, such as disabling the native issue tracker or wiki, injecting external tracker or...

7.1CVSS6AI score0.00478EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the handling of organization names containing path traversal sequences. An attacker can execute arbitrary code on the server by creating nested Git repositories that overwrite another repository's hooks...

10CVSS6.3AI score0.01107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the handling of organization names containing path traversal sequences. An attacker can execute arbitrary code on the server by creating nested Git repositories that overwrite another repository's hooks...

10CVSS7.6AI score0.01107EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the authorization process for Git smart HTTP requests. An attacker can gain unauthorized write access to repositories configured as read-only by manipulating the service query string to bypass intended access...

7.1CVSS5.8AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:16 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the authorization process for Git smart HTTP requests. An attacker can gain unauthorized write access to repositories configured as read-only by manipulating the service query string to bypass intended access...

7.1CVSS6AI score0.00427EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the UploadRepoFiles process. An attacker can write arbitrary files outside the intended repository working tree by uploading a multipart file with a filename containing a literal backslash, which, when combined...

9CVSS6.6AI score0.00474EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.4 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.5 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the serveUpload process. An attacker can access and download content from private repositories belonging to other tenants by binding their own repository to an existing object...

7.7CVSS5.9AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.2 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.2 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the UploadRepoFiles process. An attacker can write arbitrary files outside the intended repository working tree by uploading a multipart file with a filename containing a literal backslash, which, when combined...

9CVSS6.6AI score0.00474EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.4 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.6 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity through the serveUpload process. An attacker can access and download content from private repositories belonging to other tenants by binding their own repository to an existing object...

7.7CVSS5.9AI score0.00236EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.6 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 10:14 p.m.5 views

Use of a Key Past its Expiration Date

Overview Affected versions of this package are vulnerable to Use of a Key Past its Expiration Date due to the password-reset token generation process. An attacker can gain unauthorized access to user accounts by exploiting the extended validity period of reset tokens, even when a shorter expirati...

7.6CVSS6AI score0.00202EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:32 p.m.6 views

Malicious Package

Overview @kl-dolphin/jump is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the internal/route/repo/wiki.go and internal/route/repo/view.go processes. An attacker can cause the web interface to become unusable and trigger HTTP 500 errors by creating a new file and...

6.9CVSS6AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the internal/route/repo/wiki.go and internal/route/repo/view.go processes. An attacker can cause the web interface to become unusable and trigger HTTP 500 errors by creating a new file and...

6.9CVSS6AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the internal/route/repo/wiki.go and internal/route/repo/view.go processes. An attacker can cause the web interface to become unusable and trigger HTTP 500 errors by creating a new file and...

6.9CVSS6AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.7 views

Improper Handling of Exceptional Conditions

Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the internal/route/repo/wiki.go and internal/route/repo/view.go processes. An attacker can cause the web interface to become unusable and trigger HTTP 500 errors by creating a new file and...

6.9CVSS6AI score0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Watch API handler. An attacker can gain unauthorized access to private repository activity by exploiting an inverted access check, allowing them to monitor commit messages, branch names, issue titles, and...

5.3CVSS6AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Watch API handler. An attacker can gain unauthorized access to private repository activity by exploiting an inverted access check, allowing them to monitor commit messages, branch names, issue titles, and...

5.3CVSS6AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation via the ENABLEREVERSEPROXYAUTHENTICATION process. An attacker can impersonate any user or trigger automatic account creation by forging the configured authentication header in client requests. This is only exploitable...

8.7CVSS6AI score0.00864EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the RenderIssueIndexPattern process. An attacker can cause a panic and disrupt service availability by configuring a specially crafted issue index pattern containi...

5.1CVSS6AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.6 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the RenderIssueIndexPattern process. An attacker can cause a panic and disrupt service availability by configuring a specially crafted issue index pattern containi...

5.1CVSS6AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS6AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS6AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS7.2AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the webhook delivery process. An attacker can access internal network resources by supplying a webhook URL that follows redirects to hostnames within restricted local address ranges. Remediation Upgra...

8.8CVSS7.2AI score0.00402EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the organization team member management process due to the lack of CSRF protection on GET requests. An attacker can gain organization owner–equivalent privileges by tricking a logged-in organization...

8.8CVSS5.8AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the organization team member management process due to the lack of CSRF protection on GET requests. An attacker can gain organization owner–equivalent privileges by tricking a logged-in organization...

8.8CVSS6AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade gogs.io/gogs/internal/route/repo to versi...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade gogs.io/gogs/internal/route/api/v1/repo t...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade gogs.io/gogs/internal/form to version...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade github.com/gogs/gogs/internal/form to...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade github.com/gogs/gogs/internal/route/repo ...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 9:17 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the SaveAddress function. An attacker can access unauthorized local repositories by providing a crafted repository address in the Mirror Settings. Remediation Upgrade...

8.1CVSS6AI score0.00569EPSS
Exploits0References2
Total number of security vulnerabilities36127