
Vulnerabilities from the last week
Malicious Package
ansi-universal-ui is a malicious package. This package contains malicious code, and it has NOT been removed from the official package manager yet.
The package sets up a standalone Python runtime and downloads an obfuscated payload from an Appwrite storage bucket that, upon execution, performs an extensive search for sensitive user data, including browser and cloud credentials, cryptocurrency wallets, and messaging platform tokens.
Server-side Request Forgery (SSRF)
agentos-taskweaver is a code-first agent framework for seamlessly planning and executing data analytics tasks
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the network configuration process. An attacker can access local services running on the host system by sending crafted requests from within a container environment. This is only exploitable if the application is running in a Docker, Podman, or containerd container on macOS or Windows hosts, where special internal hostnames are available to the container.
Improperly Controlled Sequential Memory Allocation
com.foxinmy:weixin4j-base is a base project for WeChat development
Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation due to improper control of memory allocation in the CharArrayBuffer and ClassUtil components. An attacker can cause excessive memory consumption by providing specially crafted input that triggers uncontrolled allocation.
Recent vulnerabilities disclosed by Snyk
- H: CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
- H: CRLF Injection in github.com/lxc/incus/internal/instance (golang)
- H: Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
- H: Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
- M: Regular Expression Denial of Service (ReDoS) in diff (npm)
Snyk security researchers have disclosed 3462 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




