Homepage
Snyk Security Dog Illustration

Snyk Security Database

The leading database for open source vulnerabilities and cloud misconfigurations

Explore packages and vulnerabilities by …

Application

npmMavenpipNuGetcocoapodsComposerGo logoGoRubyGemsUnmanagedCargo logoCargoSwifthexpubConan logoConan

Operating system

DebianAlpine LinuxUbuntuRed Hat Enterprise LinuxCentOSAmazon Linux logoAmazon LinuxOracle Linux logoOracle LinuxRocky LinuxSuse Linux Enterprise ServerWolfiAlmaLinuxChainguard

Infrastructure as Code

AWSAzureGCPKubernetes

Vulnerabilities from the last week

Malicious Package

0.0
0
10
SECURITY ISSUES FOUNDLIMITEDSUSTAINABLELIMITED
Affects

banquet-runtime-modules *

banquet-runtime-modules is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

Missing Authentication for Critical Function

0.0
0
10
Affects

plone.app.discussion [,5.2.0)

Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the improper versification of user identify in comment posting feature. An attacker can exploit this vulnerability by impersonating a registered user, potentially leading to unauthorized actions being attributed to the legitimate user.

Prototype Pollution

0.0
0
10
Affects

org.webjars.npm:jsonpath [0,]

org.webjars.npm:jsonpath is a Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js.

Affected versions of this package are vulnerable to Prototype Pollution via the value function. An attacker can modify the prototype of built-in objects by supplying crafted input.

Recent vulnerabilities disclosed by Snyk

    • C
    Arbitrary Code Injection in jsonpath (npm)
    Discovered by Nick Copi
    5 Feb 2026
    • H
    CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    CRLF Injection in github.com/lxc/incus/internal/instance (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026
    • H
    Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
    Discovered by rmcnamara-snyk
    26 Jan 2026

Snyk security
researchers
have disclosed

3463

vulnerabilities

Snyk mascot with laptop
See all Snyk disclosed vulnerabilities
Report a new vulnerability

About Snyk dependencies vulnerability database

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Snyk graduation illustration