Lucene search
+L

36451 matches found

Snyk
Snyk
added 2026/06/23 12:5 p.m.10 views

Malicious Package

Overview ts-numbering is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 12:5 p.m.10 views

Malicious Package

Overview local-ip-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 11:57 a.m.7 views

Malicious Package

Overview libsignal-node-travatiger is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 11:41 a.m.9 views

Malicious Package

Overview datacamp-light is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 11:39 a.m.8 views

Malicious Package

Overview chai-as-uphelded is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 11:26 a.m.6 views

Malicious Package

Overview chai-as-attested is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 9:0 a.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the process that creates and forwards ServiceAccount tokens to output destinations without verifying the authorization of the creator. An attacker can gain unauthorized access to sensitive credentials by...

6.9CVSS6AI score0.00226EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:22 a.m.13 views

Malicious Package

Overview node-slot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:22 a.m.10 views

Malicious Package

Overview ts-wross is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:19 a.m.9 views

Malicious Package

Overview node-core-libs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:19 a.m.9 views

Malicious Package

Overview node-fetch-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.9 views

Malicious Package

Overview crud-respect is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.6 views

Malicious Package

Overview carousel-controller-mixin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.12 views

Malicious Package

Overview respects-switch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.12 views

Malicious Package

Overview setka-editor is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.9 views

Malicious Package

Overview onboarding-respects-modal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/23 6:10 a.m.8 views

Malicious Package

Overview search-from-search is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:48 p.m.7 views

CSV Injection

Overview @actual-app/api is an An API for Actual Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:48 p.m.5 views

CSV Injection

Overview @actual-app/web is an Actual on the web Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:48 p.m.4 views

CSV Injection

Overview @actual-app/cli is a CLI for Actual Budget Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:48 p.m.4 views

CSV Injection

Overview Affected versions of this package are vulnerable to CSV Injection in the exportToCSV and exportQueryToCSV processes, where user-controlled input from fields such as Payee and Notes is passed to CSV export without neutralizing formula-triggering characters. An attacker can cause...

4.2CVSS5.9AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:39 p.m.8 views

Server-side Request Forgery (SSRF)

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the outboundFetch process. An attacker can access internal network resources and retrieve sensitive information b...

8.5CVSS5.8AI score0.00202EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/22 11:33 p.m.8 views

Symlink Attack

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Symlink Attack via the processPWAZip process. An attacker can access sensitive files on the server by uploading a crafted zip archive containing symbolic links that point to arbitrary files, whi...

9.6CVSS5.9AI score0.00494EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/22 11:20 p.m.9 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the externalTrigger process. An attacker can gain unauthorized access to another workspace's database and execu...

9.6CVSS6AI score0.00461EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.10 views

Insufficient Session Expiration

Overview @actual-app/sync-server is an actual syncing server Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of user status verification in the validateSession process. An attacker can maintain unauthorized access to server endpoints and sensiti...

8.7CVSS5.8AI score0.00441EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.8 views

Missing Authorization

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Missing Authorization via the getSignedUploadURL process. An attacker can gain unauthorized access to generate AWS S3 pre-signed PUT URLs using stored IAM credentials by sending unauthenticated...

9.4CVSS5.9AI score0.00415EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.10 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the ensurepip.runpip function. An attacker can execute arbitrary code by crafting malicious pickle files...

9CVSS6.2AI score0.00367EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the recordSelectOptionsQuery method. An attacker can bypass intended access restrictions by tampering with the Livewire component's state and submitting out-of-scope values in the Sele...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the recordSelectOptionsQuery method. An attacker can bypass intended access restrictions by tampering with the Livewire component's state and submitting out-of-scope values in the Sele...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the recordSelectOptionsQuery method. An attacker can bypass intended access restrictions by tampering with the Livewire component's state and submitting out-of-scope values in the Sele...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.34 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the recordSelectOptionsQuery method. An attacker can bypass intended access restrictions by tampering with the Livewire component's state and submitting out-of-scope values in the Sele...

7.1CVSS5.9AI score0.00178EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.7 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in the normalization of the HTTP Location header during redirects. An attacker can redirect users to an arbitrary external site by supplying specially crafted input containing ASCII tab, carriage return, or newline...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.6 views

Deserialization of Untrusted Data

Overview picklescan is a Security scanner detecting Python Pickle files performing suspicious actions Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the idlelib.autocomplete.AutoComplete.getentity function. An attacker can execute arbitrary commands by...

9CVSS6.2AI score0.00248EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ImageColumn or ImageEntry components rendering raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ImageColumn or ImageEntry components rendering raw database values without escaping HTML. An attacker can execute arbitrary HTML or JavaScript in the context of affected users by injecting malicious...

6.4CVSS5.9AI score0.00148EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.5 views

Missing Authorization

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Missing Authorization through the WithFileUploads trait. An attacker can upload arbitrary files to temporary storage by submitting...

6.9CVSS6AI score0.00207EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:19 p.m.4 views

Timing Attack

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Timing Attack via the login page. An attacker can determine whether specific email addresses are registered by measuring response tim...

6.9CVSS5.9AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:18 p.m.7 views

Improper Enforcement of Behavioral Workflow

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...

9.1CVSS5.9AI score0.00193EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:18 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the RichEditor field when it is disabled, as its state is rendered without sanitizing HTML content. An attacker can execute arbitrary HTML or JavaScript in the context of users viewing the form by injecting...

7.6CVSS5.9AI score0.00168EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:16 p.m.9 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via the reloadNuxtApp function. An attacker can redirect users to attacker-controlled hosts by injecting protocol-relative paths such as //evil.com, potentially enabling phishing attacks or theft of OAuth authorization...

9.6CVSS5.9AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:16 p.m.3 views

Open Redirect

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Open Redirect via the reloadNuxtApp function. An attacker can redirect users to attacker-controlled hosts by injecting protocol-relative paths such as //evil.com, potentially enabling phishing attacks or theft ...

9.6CVSS6AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:16 p.m.11 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL. Details Cross-site scripting or XSS is...

9.6CVSS5.9AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:16 p.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:nuxt is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL. Details...

9.6CVSS5.9AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:15 p.m.5 views

Missing Authorization

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Missing Authorization via the getSignedUploadURL process. An attacker can perform unauthorized arbitrary object uploads to S3 buckets by sending crafted requests to the unauthenticated endpoint,...

7.4CVSS5.9AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/22 11:8 p.m.8 views

Cross-site Request Forgery (CSRF)

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the handoffChatLinkSession process. An attacker can gain unauthorized access to another user's account by crafting a malicious link containing their own...

8.5CVSS5.8AI score0.00192EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/22 11:7 p.m.6 views

Improper Handling of Length Parameter Inconsistency

Overview zeroconf is a Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Affected versions of this package are vulnerable to Improper Handling of Length Parameter Inconsistency via the readcharacterstring and readstring functions. An attacker can inject malicious...

7.1CVSS5.9AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:0 p.m.7 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:devbridge-autocomplete is an Autocomplete provides suggestions while you type into the text field. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formatGroup and formatResult functions. An attacker can inject and execute arbitrary HTM...

5.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 11:0 p.m.9 views

Cross-site Scripting (XSS)

Overview devbridge-autocomplete is an Autocomplete provides suggestions while you type into the text field. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formatGroup and formatResult functions. An attacker can inject and execute arbitrary HTML or JavaScript...

5.4CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 10:57 p.m.5 views

Prototype Pollution

Overview scim-patch is a SCIM Patch operation rfc7644. Affected versions of this package are vulnerable to Prototype Pollution via the scimPatch function. An attacker can modify the Object.prototype by supplying specially crafted keys in a patch operation, which can lead to privilege escalation,...

9.1CVSS6.5AI score
Exploits0References2
Snyk
Snyk
added 2026/06/22 10:57 p.m.5 views

Cleartext Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information due to storing sensitive enrollment tokens in plaintext within the enrollmenttokens.token column of the database. An attacker can gain unauthorized access to host identities by reading the...

8.1CVSS5.8AI score
Exploits0References2
Total number of security vulnerabilities36451