
Vulnerabilities from the last week
Weak Password Recovery Mechanism for Forgotten Password
@workflow/core is a core runtime and engine for Workflow DevKit.
Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password via the createWebhook function. An attacker can gain unauthorized access to workflow execution by guessing predictable tokens and injecting arbitrary payloads through the public webhook endpoint. This can lead to unintended actions such as triggering API calls, database modifications, or deployments.
Information Exposure
mcp-memory-service is an open-source persistent memory for AI agent pipelines and Claude. REST API + semantic search + knowledge graph + autonomous consolidation. Self-host, zero cloud cost.
Affected versions of this package are vulnerable to Information Exposure in the /api/health/detailed endpoint when MCP_ALLOW_ANONYMOUS_ACCESS=true is set, allowing unauthenticated users to access detailed system and environment information, including OS version, Python version, CPU count, memory and disk statistics, and the full database filesystem path. An attacker can obtain sensitive reconnaissance data by sending unauthenticated requests to this endpoint.
Improper Validation of Specified Type of Input
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.
Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input via improper validation of encrypted SAML assertions. An attacker can gain unauthorized access by submitting specially crafted SAML assertions.
Recent vulnerabilities disclosed by Snyk
- [M] Cross-site Scripting (XSS) in spin.js (npm)
- [C] Arbitrary Code Injection in es-toolkit (npm)
- [M] Cross-site Scripting (XSS) in mailparser (npm)
- [M] Incorrect Control Flow Scoping in @tootallnate/once (npm)
- [C] Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
Snyk security researchers have disclosed 3471 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




