We’ve disclosed 1506 vulnerabilities by Snyk Security Researchers
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
scniro-validator is a simple email validator with corrective action capabilities.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when validating crafted invalid emails.
hkg-sol-utils is a malicious package. It uploaded secrets such as AWS keys and environment variables to a web endpoint.
org.webjars.npm:parse-url is an advanced URL parser supporting git URLs too.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of special characters, both ASCII characters that start with \x and all Unicode characters that start with \u.
Server-side Request Forgery (SSRF) in link-preview-js (npm)
Session Fixation in passport (npm)
Regular Expression Denial of Service (ReDoS) in scss-tokenizer (npm)
Malicious Package in am-annotation-drawing (npm)
Malicious Package in netlify-bb (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.