Lucene search
+L

36149 matches found

Snyk
Snyk
added 2026/06/23 5:59 p.m.6 views

Directory Traversal

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to Directory Traversal through the securepopen process. An attacker can write arbitrary files, execute arbitrary commands, or exfiltrate data by modifying configuration values to...

8.5CVSS6.5AI score0.00184EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:52 p.m.5 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...

8.6CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/23 5:52 p.m.3 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...

8.6CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/23 5:52 p.m.5 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...

8.6CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/23 5:52 p.m.5 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the copyheaders process. An attacker can inject or override identity and group headers by sending specially crafted HTTP headers with underscores that bypass the header deletion step during normalization,...

8.6CVSS5.8AI score0.00246EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/23 5:43 p.m.9 views

Improper Neutralization of Special Elements in Data Query Logic

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the enrichContext process. An attacker can access and modify all documents in connected NoSQL databases by injecting crafted...

10CVSS5.8AI score0.00538EPSS
Exploits2References3
Snyk
Snyk
added 2026/06/23 5:42 p.m.3 views

Command Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Command Injection via the sanitizeFFmpegCommand process. An attacker can execute arbitrary operating system commands by injecting a single & character into the...

9.2CVSS6AI score0.03434EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:33 p.m.4 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the CDCServlet process. An attacker can gain access to a user's session by inducing a logged-in user to visit a crafted URL, which results in the user's session token being sent to a...

8.3CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:33 p.m.4 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...

8.5CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.8 views

Cross-site Scripting (XSS)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Cross-site Scripting XSS via the webhook verification endpoints in the Meta, WhatsApp and Microsoft Teams trigger nodes, where a query parameter is reflected into the HTTP response without proper...

6.8CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.4 views

Missing Authentication for Critical Function

Overview @n8n/mcp-browser is a Browser automation MCP tools built on Playwright, WebDriver BiDi, and safaridriver Affected versions of this package are vulnerable to Missing Authentication for Critical Function through the MCP server’s HTTP request handling. An attacker can take over a user’s...

10CVSS6AI score0.00403EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.4 views

Exposure of Data Element to Wrong Session

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session via the combineBySql Merge-node SQL Query path in combineBySql.ts. An authenticated attacker can poison the shared SQL sandbox by supplying a workflow that...

7.7CVSS6.3AI score0.00316EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.7 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decompress operation in the Compression node. An attacker can cause the process to terminate and disrupt all workflows by sendi...

8.7CVSS5.9AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.8 views

Improper Handling of Highly Compressed Data (Data Amplification)

Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data Data Amplification via the Decompress operation in the Compression node. An attacker can cause the process to terminate and disrupt all workflows by sending a specially crafted compressed...

8.7CVSS5.9AI score0.00375EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.5 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection through the prepareItems logic used by the findOneAndReplace, findOneAndUpdate, and update operations in GenericFunctions.ts and MongoDb.node.ts. An authenticated workflow editor can...

9.9CVSS6.1AI score0.0026EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.7 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the Microsoft SQL node’s createTableStruct and related table-grouping logic in MicrosoftSql.node.ts and GenericFunctions.ts. An authenticated user who can create or modify...

8.5CVSS6.6AI score0.00294EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:24 p.m.5 views

SQL Injection

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection in the postgres and timescaleDb nodes, which incorporate node parameters into database queries without adequate parameterization. A user with permission to create or modify workflows c...

9.9CVSS6.3AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 5:15 p.m.5 views

Cross-site Scripting (XSS)

Overview OctoPrint is a snappy web interface for your 3D printer Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Suppressed Command notifications process. An attacker can execute arbitrary HTML or JavaScript code by convincing a user to print a specially crafte...

6.1CVSS5.9AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:11 p.m.8 views

Malicious Package

Overview backoffice-charges-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:11 p.m.6 views

Malicious Package

Overview @muaththir/api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:6 p.m.7 views

Malicious Package

Overview aillmgen is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:3 p.m.7 views

Malicious Package

Overview cursorai-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:0 p.m.10 views

Malicious Package

Overview @ravespaceio/rave-engine is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 4:0 p.m.8 views

Malicious Package

Overview @ravespaceio/browser-input is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:54 p.m.7 views

Malicious Package

Overview calculate-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:54 p.m.9 views

Malicious Package

Overview web3-token-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:48 p.m.4 views

Malicious Package

Overview vitest-cli is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:48 p.m.4 views

Malicious Package

Overview chalk-ultra is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:38 p.m.7 views

Malicious Package

Overview sync-external is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:32 p.m.9 views

Malicious Package

Overview server-parket is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:32 p.m.21 views

Malicious Package

Overview mjs-eslint-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:32 p.m.16 views

Malicious Package

Overview ts-sudo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:32 p.m.9 views

Malicious Package

Overview mjs-eslint-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:27 p.m.9 views

Malicious Package

Overview ts-arithmetic-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:27 p.m.10 views

Malicious Package

Overview parket-flow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 3:27 p.m.10 views

Malicious Package

Overview ts-predict-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 2:25 p.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the fetchcompletions function in reduce methods. An attacker can execute arbitrary commands by embedding...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 2:25 p.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the profile.Profile.runctx function. An attacker can execute arbitrary code by crafting a malicious pickl...

8.1CVSS6.1AI score0.00466EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.11 views

Malicious Package

Overview new-mjs-eslint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.9 views

Malicious Package

Overview new-solt-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.11 views

Malicious Package

Overview new-ts-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.7 views

Malicious Package

Overview poly-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.7 views

Malicious Package

Overview new-eslint-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.8 views

Malicious Package

Overview eslint-helper-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.7 views

Malicious Package

Overview new-ecro-1 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.7 views

Malicious Package

Overview new-solt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.4 views

Malicious Package

Overview new-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:15 p.m.18 views

Malicious Package

Overview new-ecro-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:5 p.m.9 views

Malicious Package

Overview ts-numbering is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:5 p.m.9 views

Malicious Package

Overview local-ip-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities36149