32434 matches found

Snyk • added 2 days ago • 0 views

Malicious Package

Overview vkzmn is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview hunsterx-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview velocityfix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 1 view

Malicious Package

Overview unsafe-malicious-package is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview polymarket-clob-math is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 1 view

Malicious Package

Overview ts-einkle-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview ts-ankle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview ts-einkle is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 1 view

Malicious Package

Overview gx-npm-feature-flags is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 1 view

Malicious Package

Overview gx-npm-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview gx-npm-lib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview @vpms/design-system is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview @epsteinlovekids483/crossmint-wallets-sdk-pentest is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 2 days ago • 2 views

Malicious Package

Overview crossmint-wallets-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 3 days ago • 0 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the decodedlta function. An attacker can cause memory corruption, potentially leading to information disclosure, data modification, or application crash by supplying a crafted media stream containing a malicious...

CVSS 8.8 • AI score 5.8 • EPSS 0.00217
Exploits: 0 • References: 2

Snyk • added 3 days ago • 0 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound through the processing of a 32-bit attribute count received from a remote server in the publickey subsystem. An attacker can cause a heap buffer overflow by sending a specially crafted response that trigge...

CVSS 8.3 • AI score 6.4 • EPSS 0.00311
Exploits: 0 • References: 2

Snyk • added 3 days ago • 0 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the cleanup process of the publickey list when a parse failure occurs. An attacker can cause memory corruption or a denial of service by sending a malformed response from a malicious SSH server that...

CVSS 8.3 • AI score 5.8 • EPSS 0.0028
Exploits: 0 • References: 2

Snyk • added 3 days ago • 0 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling in the handling of HTTP/1.1 Upgrade requests containing a Content-Length header and body on reusable keep-alive backend connections. An attacker can manipulate backend responses by crafting ambiguous HTTP messages...

CVSS 6.3 • AI score 5.8 • EPSS 0.00202
Exploits: 0 • References: 2

Snyk • added 3 days ago • 0 views

Protection Mechanism Failure

Overview Affected versions of this package are vulnerable to Protection Mechanism Failure in the extraction process. An attacker can bypass security warnings and spoof file content by crafting a RAR5 archive with specially named alternate data streams that overwrite the intended Internet-zone...

CVSS 4.8 • AI score 5.8 • EPSS 0.00119
Exploits: 0 • References: 2

Snyk • added 4 days ago • 2 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-gitlab is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package in a...

CVSS 9.8 • AI score 6
Exploits: 0 • References: 2

Snyk • added 4 days ago • 2 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-ldap-auth-backend is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this...

CVSS 9.8 • AI score 6
Exploits: 0 • References: 2

Snyk • added 4 days ago • 2 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-ldap-auth is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package in a...

CVSS 9.8 • AI score 6
Exploits: 0 • References: 2

Snyk • added 4 days ago • 2 views

Malicious Package

Overview @immobiliarelabs/backstage-plugin-gitlab-backend is a malicious package. linked to a variant of the "Miasma" supply chain attack targeting the LeoPlatform npm ecosystem. A malicious actor compromised a legitimate maintainer account and used it to publish infected versions of this package...

CVSS 9.8 • AI score 6
Exploits: 0 • References: 2

Snyk • added 4 days ago • 6 views

Directory Traversal

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names with traversal components in...

CVSS 8.2 • AI score 6.5
Exploits: 0 • References: 2

Snyk • added 4 days ago • 6 views

Directory Traversal

Overview @pnpm/installing.env-installer is an Installer for configurational dependencies. Affected versions of this package are vulnerable to Directory Traversal via the configDependencies process. An attacker can create symlinks outside the intended directory by supplying crafted package names wi...

CVSS 8.2 • AI score 6.5
Exploits: 0 • References: 2

Snyk • added 4 days ago • 2 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that resolves outside the configured patches directory...

CVSS 7.1 • AI score 5.9
Exploits: 0 • References: 3

Snyk • added 4 days ago • 2 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to External Control of File Name or Path through the patch-remove process. An attacker can cause deletion of arbitrary files outside the intended directory by crafting a patch entry that...

CVSS 7.1 • AI score 5.9
Exploits: 0 • References: 3

Snyk • added 4 days ago • 3 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended node_modules directory by crafting a...

CVSS 7.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 4 days ago • 3 views

External Control of File Name or Path

Overview @pnpm/installing.deps-restorer is a Fast installation using only pnpm-lock.yaml. Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended nodemodul...

CVSS 7.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 4 days ago • 2 views

External Control of File Name or Path

Overview @pnpm/fs.symlink-dependency is a Symlink a dependency to node_modules. Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended node_modules director...

CVSS 7.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 4 days ago • 5 views

External Control of File Name or Path

Overview @pnpm/installing.deps-installer is a Fast, disk space efficient installation engine. Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended...

CVSS 7.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 4 days ago • 5 views

External Control of File Name or Path

Overview @pnpm/installing.deps-resolver is a Resolves dependency graph of a package. Affected versions of this package are vulnerable to External Control of File Name or Path via the lockfile alias handling process. An attacker can overwrite files or directories outside the intended node_modules...

CVSS 7.1 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 5 days ago • 2 views

External Control of File Name or Path

Overview @pnpm/releasing.commands is a Commands for deploy, pack, and publish. Affected versions of this package are vulnerable to External Control of File Name or Path via the stage download process. An attacker can overwrite arbitrary files outside the intended directory by crafting a manifest...

CVSS 7.1 • AI score 5.9 • EPSS 0.00267
Exploits: 1 • References: 3

Snyk • added 5 days ago • 3 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to External Control of File Name or Path via the stage download process. An attacker can overwrite arbitrary files outside the intended directory by crafting a manifest with malicious...

CVSS 7.1 • AI score 5.9 • EPSS 0.00267
Exploits: 1 • References: 3

Snyk • added 5 days ago • 3 views

External Control of File Name or Path

Overview @pnpm/bins.resolver is a Returns bins of a package. Affected versions of this package are vulnerable to External Control of File Name or Path through the handling of reserved or malformed bin names during global package operations. An attacker can cause deletion of critical directories...

CVSS 7.1 • AI score 5.8 • EPSS 0.00286
Exploits: 1 • References: 3

Snyk • added 5 days ago • 3 views

External Control of File Name or Path

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to External Control of File Name or Path through the handling of reserved or malformed bin names during global package operations. An attacker can cause deletion of critical directories...

CVSS 7.1 • AI score 5.8 • EPSS 0.00286
Exploits: 1 • References: 3

Snyk • added 5 days ago • 2 views

Unsafe Dependency Resolution

Overview @pnpm/building.policy is a Create a function for filtering out dependencies that are not allowed to be built. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during...

CVSS 8.8 • AI score 5.8 • EPSS 0.00118
Exploits: 1 • References: 4

Snyk • added 5 days ago • 2 views

Unsafe Dependency Resolution

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the approval process for dependency sources. An attacker can execute unauthorized code during the build lifecycle by crafting a dependency source...

CVSS 8.8 • AI score 5.9 • EPSS 0.00118
Exploits: 1 • References: 4

Snyk • added 5 days ago • 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Live Preview process. An attacker can submit unauthorized content and generate shareable preview URLs by leveraging insufficient permission checks. Remediation Upgrade statamic/cms to version 5.74.0, 6.20....

CVSS 5.1 • AI score 5.8
Exploits: 0 • References: 2

Snyk • added 5 days ago • 3 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the export process. An attacker can execute arbitrary spreadsheet formulas by submitting specially crafted form values that begin with formula trigger characters, which are then interpreted as live formulas when the...

CVSS 6.1 • AI score 6
Exploits: 0 • References: 2

Snyk • added 5 days ago • 3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the Glide process. An attacker can cause the server to make unauthorized HTTP requests to internal network addresses by supplying a crafted URL that exploits DNS rebinding. Remediation Upgrade...

CVSS 4.9 • AI score 5.8
Exploits: 0 • References: 3

Snyk • added 5 days ago • 3 views

Directory Traversal

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Directory Traversal via the patch application process. An attacker can overwrite or delete arbitrary files on the filesystem by submitting a malicious .patch file containing crafted...

CVSS 7.3 • AI score 6.4 • EPSS 0.0027
Exploits: 1 • References: 2

Snyk • added 5 days ago • 2 views

Insufficiently Protected Credentials

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the config and auth-header flow, which binds unscoped user-level npm authToken credentials to whatever default registry a repository-local .npm...

CVSS 6.9 • AI score 5.8 • EPSS 0.0031
Exploits: 1 • References: 3

Snyk • added 5 days ago • 2 views

Relative Path Traversal

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Relative Path Traversal in dependency alias handling, which passes alias names from package metadata into dependency linking as path components and normalizes them with path.join...

CVSS 8.8 • AI score 5.9 • EPSS 0.00326
Exploits: 1 • References: 2

Snyk • added 5 days ago • 2 views

Arbitrary Argument Injection

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Arbitrary Argument Injection in the git fetcher at fetching/git-fetcher/src/index.ts, which passes the lockfile's resolution.commit value into git fetch and git checkout without a --...

CVSS 7.4 • AI score 6 • EPSS 0.0018
Exploits: 1 • References: 2

Snyk • added 5 days ago • 2 views

Insufficient Verification of Data Authenticity

Overview pnpm is a Fast, disk space efficient package manager. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the default behavior of pnpm install, which accepts tarball content that does not match the integrity value recorded in the lockfile...

CVSS 8.1 • AI score 5.8 • EPSS 0.00113
Exploits: 1 • References: 2

Snyk • added 5 days ago • 2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tiff decoder. An attacker can cause a panic and potentially disrupt service by providing a specially crafted image file with an out-of-bounds strip offset. Remediation Upgrade github.com/golang/image/tiff to...

CVSS 8.8 • AI score 5.8 • EPSS 0.00346
Exploits: 0 • References: 2

Snyk • added 5 days ago • 3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the tiff decoder. An attacker can cause a panic and potentially disrupt service by providing a specially crafted image file with an out-of-bounds strip offset. Remediation Upgrade golang.org/x/image/tiff to versio...

CVSS 8.8 • AI score 5.8 • EPSS 0.00346
Exploits: 0 • References: 2

Snyk • added 5 days ago • 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Control Panel fieldtype endpoints. An attacker can access metadata and content for resources without proper permissions by sending crafted requests as an authenticated user. Remediation Upgrade statamic/c...

CVSS 5.3 • AI score 5.8 • EPSS 0.00162
Exploits: 0 • References: 3

Snyk • added 5 days ago • 1 view

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the proxy process. An attacker can access internal network resources and cloud metadata endpoints by exploiting a race condition between DNS validation and the actual HTTP request, using DNS rebinding...

CVSS 3 • AI score 5.8
Exploits: 0 • References: 3

Total number of security vulnerabilities: 32434