
Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
getd-content-management is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Missing Authorization
nexent is a Nexent Agent Framework
Affected versions of this package are vulnerable to Missing Authorization through the DELETE /storage/{object_name:path} endpoint, which does not enforce authentication, authorization, or input validation. An attacker can remove arbitrary files from the underlying storage by sending crafted requests with a user-controlled object_name path parameter, resulting in data loss and potential service disruption.
Arbitrary Code Injection
Affected versions of this package are vulnerable to Arbitrary Code Injection via the testConnection API when a malicious H2 JDBC URL is supplied, which leverages the H2 INIT parameter. An attacker can execute arbitrary Java code on the server by sending a crafted request to the API endpoint. This is only exploitable if the application is configured to use H2 as the database backend.
Recent vulnerabilities disclosed by Snyk
- C
Code Execution in expr-eval (npm)- M
Uncaught Exception in ts-deepmerge (npm)- H
Command Injection in degit (npm)- C
Malicious Package in moustick (npm)- C
Malicious Package in cookie-parser-legacy (npm)
Snyk security
researchers
have disclosed
3499
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




