We’ve disclosed 3432 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
@modelcontextprotocol/server-slack is an MCP server for interacting with Slack.
Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting via Slack's automatic link unfurling process. An attacker can access sensitive information by manipulating an AI agent into generating messages that contain attacker-crafted hyperlinks with sensitive data embedded in them; Slack's link preview bots then fetch those URLs, sending the embedded data to attacker-controlled servers and enabling zero-click data exfiltration.
OpenEXR provides Python bindings for the OpenEXR image file format.
Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the undo_zip_impl function during a write operation when decompressing ZIPS-packed deep scan-line EXR files. An attacker can write arbitrary data to the heap and potentially execute code by supplying a specially crafted EXR file with a forged chunk header.
org.apache.jspwiki:jspwiki-main is the main release jar for the Apache JSPWiki engine.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Image plugin. An attacker can execute arbitrary JavaScript in a victim's browser and access sensitive information by crafting a malicious request.