We’ve disclosed3440vulnerabilities
by Snyk Security
Researchers
Avoid using all malicious instances of the ngx-bootstrap
package.
rails-dom-testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
clearml is a ClearML - Auto-Magical Experiment Manager, Version Control, and MLOps for AI
Affected versions of this package are vulnerable to Directory Traversal via the safe_extract
function. An attacker can write arbitrary files outside the intended directory by exploiting improper handling of symbolic and hard links.
org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it.
Affected versions of this package are vulnerable to SQL Injection via the orderField
parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation.
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.