
Vulnerabilities from the last week
Malicious Package
rank4222wun is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship.
Command Injection
open-webui is an Open WebUI
Affected versions of this package are vulnerable to Command Injection via the install_frontmatter_requirements function. An attacker can execute arbitrary code in the context of the service account by supplying crafted input that is not properly validated before being used in a system call.
Note: This is only exploitable if the attacker is authenticated.
Deserialization of Untrusted Data
org.apache.karaf.decanter.collector:org.apache.karaf.decanter.collector.log.socket [,2.12.0)
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the log-socket collector process. An attacker can execute arbitrary code or cause a denial of service by sending specially crafted serialized objects to the exposed port 4560 when the allowed classes property is configured in a way that can be bypassed.
Note: This is only exploitable if the Decanter log socket collector is installed and configured to expose the allowed classes property.
Recent vulnerabilities disclosed by Snyk
- H: CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
- H: CRLF Injection in github.com/lxc/incus/internal/instance (golang)
- H: Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
- H: Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
- M: Regular Expression Denial of Service (ReDoS) in diff (npm)
Snyk security researchers have disclosed 3462 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




