Snyk Vulnerability Database

The leading database for open source vulnerabilities and cloud misconfigurations.

Embedded Malicious Code

Affecting ngx-bootstrap package, versions =18.1.4 , =19.0.3 , =19.0.4 , =20.0.3 , =20.0.4 , =20.0.5 , =20.0.6

How to fix?

Avoid using all malicious instances of the ngx-bootstrap package.

Vulnerabilities from the last week

rails-dom-testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

Directory Traversal

Affects

clearml [,2.0.2)

clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI

Affected versions of this package are vulnerable to Directory Traversal via the safe_extract function. An attacker can write arbitrary files outside the intended directory by exploiting improper handling of symbolic and hard links.

SQL Injection

Affects

org.xwiki.platform:xwiki-platform-oldcore [,16.10.9) , [17.0.0-rc-1,17.4.2)

org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it.

Affected versions of this package are vulnerable to SQL Injection via the orderField parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation.

Recent vulnerabilities disclosed by Snyk

- H
Directory Traversal in cross-zip (npm)
Discovered by Miguel Coimbra
9 Oct 2025
- C
Malicious Package in relative-ci-agent (npm)
Discovered by Viorel Cojocaru
6 Oct 2025
- H
Allocation of Resources Without Limits or Throttling in pdfmake (npm)
Discovered by Ryusei Ishikawa
6 Oct 2025
- H
Prototype Pollution in algoliasearch-helper (npm)
Discovered by Yuhan Gao, Peng Zhou
26 Sept 2025
- M
Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers (golang)
Discovered by Shai Shnaider
26 Sept 2025

We’ve disclosed
3440
vulnerabilities

by Snyk Security
Researchers

See all Snyk disclosed vulnerabilities

Report a new vulnerability

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.