We’ve disclosed 3198 vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Heap-based Buffer Overflow
Affecting curl package, versions
[7.69.0,8.4.0)
How to fix?
Upgrade curl to version 8.4.0 or higher.
Vulnerabilities from the last week
Out-of-Bounds
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Out-of-Bounds. An attacker can potentially exploit heap corruption by using a crafted avif file.
Cleartext Storage of Sensitive Information
Affects
py7zr is a Pure python 7-zip library
Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information by handling passwords unencrypted.
XML External Entity (XXE) Injection
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection when parsing XML files such as ".project" that contain DOCTYPE contents.
Recent vulnerabilities disclosed by Snyk
- M
Cross-site Scripting (XSS) in angularjs.core (nuget)
- M
Regular Expression Denial of Service (ReDoS) in angularjs.core (nuget)
- M
Regular Expression Denial of Service (ReDoS) in angularjs.core (nuget)
- M
Regular Expression Denial of Service (ReDoS) in angularjs.core (nuget)
- M
Command Injection in chromedriver (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
