
Vulnerabilities from the last week
Missing Authentication for Critical Function
@mcpjam/inspector is a MCPJam Inspector
Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect route in the HTTP API. An attacker can execute arbitrary commands on the host system by sending a crafted HTTP request containing malicious command and args fields, which are processed without authentication or authorization checks.
Allocation of Resources Without Limits or Throttling
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the valueDecoder function in decoder.py. An attacker can cause memory exhaustion by submitting a malformed RELATIVE-OID containing excessive continuation octets.
External Control of File Name or Path
Affected versions of this package are vulnerable to External Control of File Name or Path via the processing of externally-supplied credential configuration files. An attacker can access arbitrary files or perform server-side request forgery by providing a crafted configuration with malicious credential_source.file paths or credential_source.url endpoints.
Recent vulnerabilities disclosed by Snyk
- [M] Stored XSS in net.sourceforge.plantuml:plantuml (maven)
- [M] Permissive List of Allowed Inputs in n8n-nodes-base (npm)
- [H] Prototype Pollution in pace-js (npm)
- [C] Remote Code Execution (RCE) in n8n-workflow (npm)
- [C] Remote Code Execution (RCE) in n8n-nodes-base (npm)
Snyk security researchers have disclosed 3457 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




