
Vulnerabilities from the last week
Use of Incorrectly-Resolved Name or Reference
@openclaw/synology-chat is a Synology Chat channel plugin for OpenClaw
Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the webhook-handler process. An attacker can redirect message replies to an unintended user by exploiting mutable username resolution instead of relying on a stable user identifier.
Server-side Request Forgery (SSRF)
streamlit is the fastest way to build data apps in Python
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper validation of filesystem paths in the ComponentRequestHandler process. An attacker can trigger outbound SMB authentication attempts from the server, potentially exposing NTLMv2 credential hashes of the Windows user running the process, by supplying a malicious UNC path in a request.
Note: This is only exploitable if the application is running on a Windows host and component endpoints are exposed to untrusted networks.
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via the extract function in Unzip.java. An attacker can write arbitrary files outside the intended extraction directory by crafting zip archives with specially crafted entry names containing directory traversal sequences.
Recent vulnerabilities disclosed by Snyk
- M: Division by zero in jsrsasign (npm)
- H: Incorrect Conversion between Numeric Types in jsrsasign (npm)
- C: Missing Cryptographic Step in jsrsasign (npm)
- C: Improper Verification of Cryptographic Signature in jsrsasign (npm)
- C: Incomplete Comparison with Missing Factors in jsrsasign (npm)
Snyk security researchers have disclosed 3482 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




