Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
SECURITY ISSUES FOUNDRECOGNIZEDSUSTAINABLELIMITED
Affects
modern-events is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Insufficient Granularity of Access Control
Affects
mcp-neo4j-cypher is an A simple Neo4j MCP server
Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the read_only mode in CALL procedures. An attacker can perform unauthorized actions and potentially access internal resources by bypassing intended access restrictions through the use of specific APOC procedures.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the AdvancedSearch module. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting specially crafted input.
Recent vulnerabilities disclosed by Snyk
- M
Improper Input Validation in django-mdeditor (pip)- C
Remote Code Execution (RCE) in simple-git (npm)- C
- M
Cross-site Scripting (XSS) in github.com/yuin/goldmark/renderer/html (golang)- M
Division by zero in jsrsasign (npm)
Snyk security
researchers
have disclosed
3486
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
