
Vulnerabilities from the last week
Arbitrary Command Injection
ngrok is a node wrapper for ngrok
Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input passed to the getVersion() function. An attacker can execute arbitrary system commands by supplying crafted input.
Server-side Request Forgery (SSRF)
pydantic-ai-slim is an Agent Framework / shim to use Pydantic with LLMs, slim package
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to a blocklist bypass via additional IPv6 transition forms when force_download='allow-local' is enabled. An attacker can access sensitive cloud IAM short-term credentials by bypassing the cloud-metadata blocklist using IPv6 transition forms such as IPv4-compatible, SIIT/IVI, and local NAT64 IPv6 addresses. This is only exploitable if the application is running on a network that routes the affected IPv6 transition forms, such as NAT64-configured networks or networks with an ISATAP tunnel.
Note: This issue is due to an incomplete fix for CVE-2026-46678.
Incorrect Authorization
Affected versions of this package are vulnerable to Incorrect Authorization in the alert instances. An attacker can gain unauthorized access to sensitive alert information by exploiting insufficient authorization checks.
Recent vulnerabilities disclosed by Snyk
- M: Uncaught Exception in ts-deepmerge (npm)
- H: Command Injection in degit (npm)
- C: Malicious Package in moustick (npm)
- C: Malicious Package in cookie-parser-legacy (npm)
- M: Arbitrary File Write via Archive Extraction (Zip Slip) in decompress (npm)
Snyk security researchers have disclosed 3498 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




