
Vulnerabilities from the last week
Embedded Malicious Code
mgc is a Module Generate Cli
Affected versions of this package are vulnerable to Embedded Malicious Code. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the author of this package.
Improper Input Validation
vllm is a high-throughput and memory-efficient inference and serving engine for LLMs
Affected versions of this package are vulnerable to Improper Input Validation due to inconsistent downmixing behavior in the to_mono process. An attacker can manipulate audio inputs to cause the AI model to interpret audio differently from how it is perceived by humans, potentially leading to incorrect or malicious outputs by exploiting the discrepancy between standard audio playback and model processing.
Unquoted Search Path or Element
org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Unquoted Search Path or Element in the app.setLoginItemSettings function on Windows when the executable path is written to the Run registry key without proper quoting. An attacker can execute arbitrary code at login by placing a malicious executable in an ancestor directory if the application is installed to a path containing spaces and the attacker has write access to that directory.
Note:
This is only exploitable if the application is installed in a non-standard location where ancestor directories are not protected against unauthorized writes.
Recent vulnerabilities disclosed by Snyk
- [M] Division by zero in jsrsasign (npm)
- [H] Incorrect Conversion between Numeric Types in jsrsasign (npm)
- [C] Missing Cryptographic Step in jsrsasign (npm)
- [C] Improper Verification of Cryptographic Signature in jsrsasign (npm)
- [C] Incomplete Comparison with Missing Factors in jsrsasign (npm)
Snyk security researchers have disclosed 3482 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




