Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
SECURITY ISSUES FOUNDLIMITEDSUSTAINABLELIMITED
Affects
ambar-src is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Dynamic Variable Evaluation
pretix is a Reinventing presales, one ticket at a time
Affected versions of this package are vulnerable to Dynamic Variable Evaluation via the evaluation of placeholders in email templates. An attacker can access sensitive system information, such as configuration files, database passwords, or API keys, by crafting malicious placeholder names and injecting them into email subjects or bodies.
Note: Exploitation requires the attacker to have control over email templates or to influence buyer-controlled placeholders.
Arbitrary Code Injection
Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during compilation.
Recent vulnerabilities disclosed by Snyk
- H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)- M
Regular Expression Denial of Service (ReDoS) in markdown-it (npm)- C
Arbitrary Code Injection in jsonpath (npm)- H
CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)- H
CRLF Injection in github.com/lxc/incus/internal/instance (golang)
Snyk security
researchers
have disclosed
3465
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
