We’ve disclosed 3362 vulnerabilities
by Snyk Security Researchers
How to fix?
There is no fixed version for OpenPrinting/cups-browsed.
dexter-angular-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package's authorship.
Quart is a Python ASGI web microframework with the same API as Flask.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser(). An attacker can cause the parser to consume more memory than the upload size, in excess of max_form_memory_size, by sending malicious data in a non-file field of a multipart/form-data request.
org.webjars.npm:dataloader is a data loading utility to reduce requests to a backend via batching and caching.
Affected versions of this package are vulnerable to Denial of Service (DoS) via the batching process, when multiple queries can be sent within a single request. An attacker can submit a request containing thousands of aliases in one query.
Code Injection in snyk-gradle-plugin (npm)
Code Injection in snyk-php-plugin (npm)
Denial of Service (DoS) in http-proxy-middleware (npm)
Cross-site Scripting (XSS) in markdown-to-jsx (npm)
Remote Code Execution (RCE) in jsonpath-plus (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.