
Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
crypto-promiser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Incomplete List of Disallowed Inputs
RestrictedPython is a RestrictedPython is a defined subset of the Python language which allows to provide a program input into a trusted environment.
Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the check_function_argument_names process. An attacker can bypass access controls by shadowing protected guard hook names such as __getattr__, _getitem_, _write_, or _print_ through positional-only arguments, potentially circumventing the embedding application's security policy.
Improper Authorization
Affected versions of this package are vulnerable to Improper Authorization in the GraphQL API's getDocumentContent and besluiten operations. An attacker can access sensitive personal data belonging to other users by querying these endpoints without proper authorization checks. This is achieved by enumerating decision records and retrieving associated document contents through the exposed GraphQL queries.
Recent vulnerabilities disclosed by Snyk
- C
Code Execution in expr-eval (npm)- M
Uncaught Exception in ts-deepmerge (npm)- H
Command Injection in degit (npm)- C
Malicious Package in moustick (npm)- C
Malicious Package in cookie-parser-legacy (npm)
Snyk security
researchers
have disclosed
3499
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




