
Vulnerabilities from the last week
Malicious Package
0xhash-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Deserialization of Untrusted Data
boltz is a Boltz
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mol.py file. An attacker with the ability to place a malicious pickle file in a directory can execute arbitrary code without validation.
Insertion of Sensitive Information into Log File
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the obfuscate_literals option in query logging. An attacker can access sensitive information by reading unredacted error data in the query logs when queries fail.
Notes:
This is only exploitable if the attacker has legitimate access to the local log files and can execute queries that trigger errors.
If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j.
Recent vulnerabilities disclosed by Snyk
- C: Arbitrary Code Injection in jsonpath (npm)
- H: CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
- H: CRLF Injection in github.com/lxc/incus/internal/instance (golang)
- H: Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
- H: Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
Snyk security researchers have disclosed 3463 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




