
Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
rhynpm is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Arbitrary Code Injection
PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent collaboration.
Affected versions of this package are vulnerable to Arbitrary Code Injection via the deploy.api.host and agents_file configuration parameters when generating Python source code for API servers. An attacker can execute arbitrary Python code by supplying crafted values to these parameters, which are incorporated into the generated server and executed when the server starts or processes requests.
Arbitrary Code Injection
Affected versions of this package are vulnerable to Arbitrary Code Injection via the process that inserts the android:versionName value from an AndroidManifest into the generated app/build.gradle Groovy template without proper sanitization. An attacker can execute arbitrary code by crafting a malicious APK that injects Groovy code, which is then run when the exported Gradle project is opened or built.
Recent vulnerabilities disclosed by Snyk
- M
Regular Expression Denial of Service (ReDoS) in angular-resource (npm)- C
Code Execution in expr-eval (npm)- M
Uncaught Exception in ts-deepmerge (npm)- H
Command Injection in degit (npm)- C
Malicious Package in moustick (npm)
Snyk security
researchers
have disclosed
3500
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




