
Vulnerabilities from the last week
Embedded Malicious Code
Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as a result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and their content has NOT yet been removed from the official package manager.
A postinstall hook with a Python payload was added that actively harvests npm authentication tokens from the victim's machine.
Directory Traversal
mesop is a package to build UIs in Python.
Affected versions of this package are vulnerable to Directory Traversal via the UI stream payload when FileStateSessionBackend is configured. An attacker can cause application crashes or manipulate files by supplying a crafted state_token payload through the UI stream, which targets arbitrary files on disk. This can lead to denial of service or unauthorized file overwrite and deletion.
Server-side Request Forgery (SSRF)
io.spinnaker.orca:orca-core [,2025.2.4), [2025.3.0,2025.3.1), [2025.4.0,2025.4.1), [2026.0.0,]
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the URL validation logic due to improper handling of underscores in hostnames. An attacker can access internal resources or sensitive endpoints by submitting specially crafted URLs containing underscores, bypassing intended validation checks.
Recent vulnerabilities disclosed by Snyk
- M: Division by zero in jsrsasign (npm)
- H: Incorrect Conversion between Numeric Types in jsrsasign (npm)
- C: Missing Cryptographic Step in jsrsasign (npm)
- C: Improper Verification of Cryptographic Signature in jsrsasign (npm)
- C: Incomplete Comparison with Missing Factors in jsrsasign (npm)
Snyk security researchers have disclosed 3482 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




