Homepage
Snyk Security Dog Illustration

Snyk Security Database

The leading database for open source vulnerabilities and cloud misconfigurations

Explore packages and vulnerabilities by …

Application

npmMavenpipNuGetcocoapodsComposerGo logoGoRubyGemsUnmanagedCargo logoCargoSwifthexpubConan logoConan

Operating system

DebianAlpine LinuxUbuntuRed Hat Enterprise LinuxCentOSAmazon Linux logoAmazon LinuxOracle Linux logoOracle LinuxRocky LinuxSuse Linux Enterprise ServerWolfiAlmaLinuxChainguard

Infrastructure as Code

AWSAzureGCPKubernetes

Vulnerabilities from the last week

Malicious Package

0.0
0
10
Affects

@rsgweb/tina *

@rsgweb/tina is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

Deserialization of Untrusted Data

0.0
0
10
Affects

boltz [2.0.0,]

boltz is a Boltz

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the mol.py file. An attacker with the ability to place a malicious pickle file in a directory can execute arbitrary code without validation.

Server-side Request Forgery (SSRF)

0.0
0
10
Affects

org.webjars.npm:webpack [5.75.0,]

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component. An attacker can cause unauthorized outbound requests to internal or otherwise restricted endpoints and include untrusted content in build outputs by crafting URLs with userinfo components that bypass allow-list validation.

Note:

This is only exploitable if experiments.buildHttp is enabled.

Recent vulnerabilities disclosed by Snyk

    • C
    Arbitrary Code Injection in jsonpath (npm)
    Discovered by Nick Copi
    5 Feb 2026
    • H
    CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    CRLF Injection in github.com/lxc/incus/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026

Snyk security
researchers
have disclosed

3463

vulnerabilities

Snyk mascot with laptop
See all Snyk disclosed vulnerabilities
Report a new vulnerability

About Snyk dependencies vulnerability database

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Snyk graduation illustration