Vulnerabilities from the last week
Command Injection
systeminformation is a simple system and OS information library.
Affected versions of this package are vulnerable to Command Injection via the wifiNetworks() function. Although the iface parameter is sanitized, the unsanitized value is passed to execSync() when a timeout triggers a retry. An attacker can execute arbitrary operating system commands by supplying crafted input to the iface parameter.
Arbitrary Code Injection
nltk, the Natural Language Toolkit (NLTK), is a Python package for natural language processing.
Affected versions of this package are vulnerable to Arbitrary Code Injection via the _unzip_iter() function due to the lack of validation before unpacking untrusted downloaded packages. An attacker can execute arbitrary code by supplying a specially crafted zip file.
Improper Authorization
org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.
Affected versions of this package are vulnerable to Improper Authorization in the /protocol/docker-v2/auth endpoint, which does not ensure that the client is in “Enabled” status before granting an access token. This allows a user in possession of valid credentials and the client ID of a disabled client to bypass administrative restrictions.
Recent vulnerabilities disclosed by Snyk
- M: Infinite loop in bn.js (npm)
- H: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)
- M: Regular Expression Denial of Service (ReDoS) in markdown-it (npm)
- C: Arbitrary Code Injection in jsonpath (npm)
- H: CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
Snyk security researchers have disclosed 3466 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.