Homepage
Snyk Security Dog Illustration

Snyk Security Database

The leading database for open source vulnerabilities and cloud misconfigurations

Explore packages and vulnerabilities by …

Application

npmMavenpipNuGetcocoapodsComposerGo logoGoRubyGemsUnmanagedCargo logoCargoSwifthexpubConan logoConan

Operating system

DebianAlpine LinuxUbuntuRed Hat Enterprise LinuxCentOSAmazon Linux logoAmazon LinuxOracle Linux logoOracle LinuxRocky LinuxSuse Linux Enterprise ServerWolfiAlmaLinuxChainguard

Infrastructure as Code

AWSAzureGCPKubernetes

Vulnerabilities from the last week

UNIX Symbolic Link (Symlink) Following

0.0
0
10
NO KNOWN SECURITY ISSUESINFLUENTIAL PROJECTHEALTHYLIMITED
Affects

@anthropic-ai/claude-code <2.1.7

@anthropic-ai/claude-code is an Use Claude, Anthropic's AI assistant, right from your terminal. Claude can understand your codebase, edit files, run terminal commands, and handle entire workflows for you.

Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the file access process. An attacker can access restricted files by leveraging symbolic links to bypass deny rules configured in settings.json.

Arbitrary Code Injection

0.0
0
10
Affects

fermat-mcp [0,]

fermat-mcp is a MCP Server for mathematical computation and plotting.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the eqn_chart function. An attacker can execute arbitrary code by supplying crafted input to the equations argument.

Improper Output Neutralization for Logs

0.0
0
10
Affects

org.neo4j:neo4j [,2026.01.3)

org.neo4j:neo4j is a Neo4j is a graph database management system developed by Neo4j, Inc.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs due to insufficient escaping of unicode characters in query.log output. A user can inject a malicious log line after a newline character, which includes misleading information.

Recent vulnerabilities disclosed by Snyk

    • C
    Arbitrary Code Injection in jsonpath (npm)
    Discovered by Nick Copi
    5 Feb 2026
    • H
    CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    CRLF Injection in github.com/lxc/incus/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026

Snyk security
researchers
have disclosed

3463

vulnerabilities

Snyk mascot with laptop
See all Snyk disclosed vulnerabilities
Report a new vulnerability

About Snyk dependencies vulnerability database

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Snyk graduation illustration