Vulnerabilities from the last week
Arbitrary Command Injection
Affected versions of this package are vulnerable to Arbitrary Command Injection via the open_image_in_browser() function. An attacker who controls the imageUrl argument can remotely execute arbitrary operating system commands, because the value reaches an OS command without being validated or separated from the command line.
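The advisory above names only the function and the argument. The following is an added example, not code from the affected package (which this page does not name): `vulnerable_command`, `BROWSER_COMMAND` and the validation helpers are hypothetical, chosen to mirror the advisory's shape (a caller-supplied imageUrl reaching an OS command) and to show the fix that actually closes the class, which is removing the shell rather than filtering characters.

```python
"""Command injection via an image URL handed to a shell, and the no-shell fix.

Added example, not code from the affected package (which this page does not
name): the function names, BROWSER_COMMAND and the validation rules are
hypothetical, chosen to mirror the advisory's shape.
"""
from urllib.parse import urlparse

BROWSER_COMMAND = "xdg-open"  # assumed helper that opens a URL in the default browser


def vulnerable_command(image_url: str) -> str:
    """Vulnerable pattern: the URL is interpolated into a shell command line.

    This is the string os.system() or subprocess.run(..., shell=True) would
    hand to /bin/sh; a ";", "|", "&&" or "$(...)" in image_url starts a second
    command of the attacker's choosing.
    """
    return f"{BROWSER_COMMAND} {image_url}"


def validate_image_url(image_url: str) -> str:
    """Allow only absolute http(s) URLs with a host.

    The scheme allowlist also blocks file: and javascript: URLs and any string
    beginning with "-", which a browser launcher could parse as an option.
    """
    parsed = urlparse(image_url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"refusing URL {image_url!r}: not an absolute http(s) URL")
    return image_url


def hardened_argv(image_url: str) -> list[str]:
    """Hardened form: validated URL as a single argv element, no shell.

    subprocess.run(hardened_argv(url)) (shell=False, the default) execs
    BROWSER_COMMAND directly; shell metacharacters inside the argument are
    ordinary bytes of one argument, so there is no second command to inject.
    """
    return [BROWSER_COMMAND, validate_image_url(image_url)]


def accepts(image_url: str) -> bool:
    """True if the hardened path would accept this URL."""
    try:
        hardened_argv(image_url)
        return True
    except ValueError:
        return False


def demo() -> None:
    # Constructed attacker value: a valid-looking URL with a trailing command.
    payload = "https://example.com/cat.png; id > /tmp/pwned"
    print("vulnerable shell line :", vulnerable_command(payload))
    print("hardened argv         :", hardened_argv(payload))
    for bad in ("file:///etc/passwd", "-remote openURL(x)", "javascript:alert(1)"):
        print(f"accepts({bad!r}) ->", accepts(bad))


if __name__ == "__main__":
    demo()
```

The payload still passes validation in the hardened version, and that is the point: once the URL is one argv element and no shell is involved, the `;` is inert. In Python the idiomatic primitive for this task is `webbrowser.open(url)`, which also never routes the URL through a shell.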
Directory Traversal
pipecat-ai is an open source framework for voice (and multimodal) assistants.
Affected versions of this package are vulnerable to Directory Traversal via the download_file() function in the GET /files/{filename:path} endpoint when the process is started with the --folder flag. An attacker can access arbitrary files readable by the process by sending specially crafted HTTP requests containing percent-encoded path separators in the filename parameter.
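The bypass the advisory describes works because a substring check on the raw filename inspects a different string than the one the filesystem sees after percent-decoding. The following is an added example, not pipecat-ai's code: `BASE_FOLDER`, the two resolver functions and the decode-then-join logic are a hypothetical reconstruction of the advisory's shape (a `--folder` base directory plus a client-supplied `filename` path segment), written against the standard library.

```python
"""Directory traversal through percent-encoded separators, and a containment check.

Added example, not pipecat-ai's code: BASE_FOLDER and the resolver functions
are a hypothetical reconstruction of the advisory's shape.
"""
import os
from urllib.parse import unquote

BASE_FOLDER = "/srv/pipecat-files"  # assumed value of --folder


def vulnerable_download_path(base_folder: str, filename: str) -> str:
    """Vulnerable pattern: substring check on the raw value, decode afterwards.

    '".." not in filename' holds for "%2e%2e%2f", but the filename is
    percent-decoded before it reaches the filesystem, so the check inspects a
    different string than the one the OS opens. os.path.join also discards
    base_folder entirely when the decoded value is absolute ("%2Fetc%2Fpasswd").
    """
    if ".." in filename:
        raise PermissionError("traversal attempt")
    return os.path.join(base_folder, unquote(filename))


def safe_download_path(base_folder: str, filename: str) -> str:
    """Hardened: decode, canonicalize, then check containment of the result.

    realpath() collapses "..", makes the path absolute and resolves symlinks on
    the components that exist, so the containment check runs on the path the
    OS would actually open. Double-encoded input ("%252e%252e") decodes to a
    literal "%2e%2e" filename, which stays inside the base and is harmless.
    """
    base = os.path.realpath(base_folder)
    candidate = os.path.realpath(os.path.join(base, unquote(filename)))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{filename!r} resolves outside {base}")
    return candidate


def escapes(base_folder: str, path: str) -> bool:
    """Check helper: does path resolve outside base_folder?"""
    base = os.path.realpath(base_folder)
    return os.path.commonpath([base, os.path.realpath(path)]) != base


def allowed(base_folder: str, filename: str) -> bool:
    """True if the hardened resolver would serve this filename."""
    try:
        safe_download_path(base_folder, filename)
        return True
    except PermissionError:
        return False


def demo() -> None:
    # Constructed request values, as they would arrive in GET /files/{filename}.
    for name in ("avatar.png", "%2e%2e%2f%2e%2e%2fetc%2fpasswd", "%2Fetc%2Fpasswd"):
        try:
            p = vulnerable_download_path(BASE_FOLDER, name)
            print(f"vulnerable: {name!r} -> {p}  escapes={escapes(BASE_FOLDER, p)}")
        except PermissionError as e:
            print(f"vulnerable: {name!r} blocked ({e})")
        print(f"hardened  : {name!r} allowed={allowed(BASE_FOLDER, name)}")


if __name__ == "__main__":
    demo()
```

Whether the framework decodes the path once before the handler runs (Starlette-style `{filename:path}` routes do) or the handler decodes it itself, the rule is the same: canonicalize after all decoding and compare the result against the base directory, rather than pattern-matching the input.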
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the email notification template system. An attacker can inject arbitrary HTML content by supplying crafted values in device, geofence, or driver name fields, which are then rendered in notification emails sent to other users, potentially leading to phishing or spoofed email content.
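Because the injected markup is stored in a name field and rendered into mail sent to other users, the fix belongs at the point of output: every substituted value must be escaped for the HTML context of the template. The following is an added example, not the affected project's code: `ALERT_TEMPLATE`, the field names and the render functions are hypothetical, modelled on the advisory (device, geofence and driver names substituted into an HTML notification e-mail).

```python
"""Stored HTML injection in a notification e-mail, and the escaped rendering.

Added example, not the affected project's code: ALERT_TEMPLATE, the field
names and the render functions are hypothetical, modelled on the advisory.
"""
import html
from email.message import EmailMessage
from string import Template

# Constructed template in the shape of a geofence-alert e-mail body.
ALERT_TEMPLATE = Template(
    "<p>Device <b>$device</b> entered geofence <b>$geofence</b> "
    "(driver: $driver).</p>"
)

FIELDS = ("device", "geofence", "driver")


def render_vulnerable(device: str, geofence: str, driver: str) -> str:
    """Vulnerable: user-controlled names are substituted into the HTML verbatim.

    Whoever can rename a device, geofence or driver controls markup that is
    rendered in every recipient's mail client.
    """
    return ALERT_TEMPLATE.substitute(device=device, geofence=geofence, driver=driver)


def render_escaped(device: str, geofence: str, driver: str) -> str:
    """Hardened: HTML-escape every substituted value at the point of output.

    html.escape(quote=True) rewrites <, >, &, " and ', so a name can only
    appear as text inside the <b> element, never as a tag or attribute.
    """
    values = dict(zip(FIELDS, (device, geofence, driver)))
    return ALERT_TEMPLATE.substitute({k: html.escape(v, quote=True) for k, v in values.items()})


def build_email(body_html: str, to: str) -> EmailMessage:
    """Wrap a rendered body as a text/html message, as the notifier would send."""
    msg = EmailMessage()
    msg["Subject"] = "Geofence alert"
    msg["To"] = to
    msg.set_content(body_html, subtype="html")
    return msg


def contains_live_tag(rendered: str, tag: str = "<a ") -> bool:
    """Check helper: does the body still contain the attacker's tag unescaped?"""
    return tag in rendered


def demo() -> None:
    # Constructed attacker value: a device renamed to carry a phishing link.
    device = '<a href="https://evil.example/login">Session expired, sign in again</a>'
    for label, render in (("vulnerable", render_vulnerable), ("escaped", render_escaped)):
        body = render(device, "HQ", "alice")
        print(f"{label}: live tag={contains_live_tag(body)}")
        print(build_email(body, "ops@example.test").get_content())


if __name__ == "__main__":
    demo()
```

Escaping on output, rather than stripping tags when the name is saved, is the choice that survives other code paths writing to the same field (imports, APIs, older records) and keeps the stored value intact for non-HTML consumers such as plain-text mail or logs.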
Recent vulnerabilities disclosed by Snyk
- H (high): Prototype Pollution in jsondiffpatch (npm)
- M (medium): Cross-site Scripting (XSS) in jsondiffpatch (npm)
- M (medium): Missing Authentication for Critical Function in django-mdeditor (pip)
- C (critical): Remote Code Execution (RCE) in simple-git (npm)
- C (critical):
Snyk security researchers have disclosed 3488 vulnerabilities.
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.