
Vulnerabilities from the last week
Eval Injection
n8n-nodes-base provides the base nodes of n8n.
Affected versions of this package are vulnerable to Eval Injection. An attacker can execute arbitrary code on the host system by submitting specially crafted form data that is interpreted as an expression.
Note: This is only exploitable if a workflow contains a form node with a field that interpolates unauthenticated user input and the field value begins with an '=' character, causing double evaluation of the content.
Malicious Package
polyutil is a malicious package that utilizes typosquatting to infiltrate developer environments via PyPI. Once installed, it executes obfuscated payloads designed to harvest sensitive data, including environment variables, cloud credentials, and SSH keys. This stolen information is exfiltrated to a command-and-control server. The campaign is particularly dangerous due to its use of delayed execution and professional-looking documentation to evade detection and deceive developers.
Deserialization of Untrusted Data
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the DefaultLevelDBSerializer class. An attacker can execute arbitrary code by injecting a crafted serialized Java object into the LevelDB database files, which is then deserialized during normal aggregation repository operations.
Recent vulnerabilities disclosed by Snyk
- C: Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
- M: Infinite loop in bn.js (npm)
- H: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)
- M: Regular Expression Denial of Service (ReDoS) in markdown-it (npm)
- C: Arbitrary Code Injection in jsonpath (npm)
Snyk security researchers have disclosed 3467 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




