Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
Affects
@sap-px/pxapi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Missing Authentication for Critical Function
Affects
openviking is an An Agent-native context database
Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the bot proxy router. An attacker can gain unauthorized access to protected bot proxy functionality by sending requests to the POST /bot/v1/chat and POST /bot/v1/chat/stream endpoints without providing valid credentials.
HTTP Request Smuggling
Affects
io.undertow:undertow-core is a Java web server based on non-blocking IO.
Affected versions of this package are vulnerable to HTTP Request Smuggling via discrepancies in the parsing of HTTP header names. An attacker can bypass security controls and access unauthorized resources by sending specially crafted HTTP requests that are interpreted differently by upstream proxies and the server.
Recent vulnerabilities disclosed by Snyk
- M
Cross-site Scripting (XSS) in github.com/yuin/goldmark/renderer/html (golang)- M
Division by zero in jsrsasign (npm)- H
Incorrect Conversion between Numeric Types in jsrsasign (npm)- C
Missing Cryptographic Step in jsrsasign (npm)- C
Improper Verification of Cryptographic Signature in jsrsasign (npm)
Snyk security
researchers
have disclosed
3483
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
