Vulnerabilities from the last week
Open Redirect
openclaw is a 🦞 OpenClaw — Personal AI Assistant
Affected versions of this package are vulnerable to Open Redirect via the fetchWithSsrFGuard function. An attacker can access sensitive request data or headers by triggering cross-origin redirects.
Malicious Package
license-utils-kit is a malicious package. This package is part of North Korea’s Contagious Interview Campaign and contains a malicious payload, weaponised to steal credentials and wallets and to enable remote access to affected systems. The package attempts to mimic a legitimate package, and the malicious payload is delivered upon calling functions that look normal for the package’s claimed purpose.
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a Stomp consumer and while browsing messages in the Web console. An attacker can access unauthorized classpath resources by supplying crafted input that causes path traversal.
Note:
Due to a path separator resolution bug, Windows users are recommended to upgrade to versions 5.19.4 and 6.2.3.
Recent vulnerabilities disclosed by Snyk
- M: Division by zero in jsrsasign (npm)
- H: Incorrect Conversion between Numeric Types in jsrsasign (npm)
- C: Missing Cryptographic Step in jsrsasign (npm)
- C: Improper Verification of Cryptographic Signature in jsrsasign (npm)
- C: Incomplete Comparison with Missing Factors in jsrsasign (npm)
Snyk security researchers have disclosed 3482 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.