We’ve disclosed 3402 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
app-tcm-collab is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
open-webui is an Open WebUI
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the verify_connection function, by manipulating the backend requests to arbitrary systems.
org.springframework.security:spring-security-crypto is a spring-security-crypto library for Spring Security.
Affected versions of this package are vulnerable to Timing Attack due to an unintentional bypass for DaoAuthenticationProvider constant time controls, which was caused by the fix for the password length vulnerability described in [CVE-2025-22228](https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORKSECURITY-9486467).
Note: Patches have also been issued for older versions of Enterprise Support packages.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.