We’ve disclosed 2310 vulnerabilities
by Snyk Security
Researchers
Open Source Vulnerability Database
The most comprehensive, accurate, and timely database for open source vulnerabilities.
Buffer Overflow
Affecting openssl package, versions
[3.0.0,3.0.7)
How to fix?
Upgrade openssl to version 3.0.7 or higher.
Vulnerabilities from the last week
Code Injection
Affects
pdfmake is a Client/server side PDF printing in pure JavaScript
Affected versions of this package are vulnerable to Code Injection because it contains an unsafe evaluation of user-controlled input in the /pdf endpoint.
Note: Users are affected by this vulnerability only if using the dev-playground component of the library.
Insufficient Verification of Data Authenticity
Affects
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity resulting in Certifi root certificate removal from TrustCor. The root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware.
Cross-site Request Forgery (CSRF)
org.jenkins-ci.plugins:sonar-gerrit is a Jenkins plugin for posting SonarQube issues as Gerrit review comments.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to not requiring POST requests for an HTTP endpoint. This allows attackers to have Jenkins connect to Gerrit servers (previously configured by Jenkins administrators) using attacker-specified credentials IDs obtained through another method, potentially capturing credentials stored in Jenkins.
Recent vulnerabilities disclosed by Snyk
- H
Remote Code Execution (RCE) in gitpython (pip)
- H
Remote Code Execution (RCE) in simple-git (npm)
- M
Session Fixation in tribalsystems/zenario (composer)
- M
Command Injection in @snyk/snyk-cocoapods-plugin (npm)
- M
Command Injection in snyk-python-plugin (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
