We’ve disclosed 1506 vulnerabilities
by Snyk Security
Researchers
Open Source Vulnerability Database
The most comprehensive, accurate, and timely database for open source vulnerabilities.
Remote Code Execution
Affecting org.springframework:spring-beans package, versions
[ ,5.2.20) , [5.3.0, 5.3.18)
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
Vulnerabilities from the last week
Regular Expression Denial of Service (ReDoS)
regexfn is an It has buildin regex functions
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when validating crafted invalid emails.
Replay Attack
rngatherd is a Random number gathering daemon which creates a /dev/hwrandom
Affected versions of this package are vulnerable to Replay Attack due to an insecure implementation of session verification.
Cross-site Scripting (XSS)
org.webjars.npm:parse-url is an An advanced url parser supporting git urls too.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of special characters for ASCII that start with \x and also for all Unicodes start with \u.
Recent vulnerabilities disclosed by Snyk
- M
Server-side Request Forgery (SSRF) in link-preview-js (npm)
- M
Session Fixation in passport (npm)
- M
Regular Expression Denial of Service (ReDoS) in scss-tokenizer (npm)
- C
Malicious Package in am-annotation-drawing (npm)
- C
Malicious Package in netlify-bb (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
