We’ve disclosed 3362 vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Binding to an Unrestricted IP Address
Affecting OpenPrinting/cups-browsed package, versions
[0,]
How to fix?
There is no fixed version for OpenPrinting/cups-browsed.
Vulnerabilities from the last week
Malicious Package
Affects
dexter-angular-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Allocation of Resources Without Limits or Throttling
Affects
Quart is an A Python ASGI web microframework with the same API as Flask
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in formparser.MultiPartParser(). An attacker can cause the parser to consume more memory than the upload size, in excess of max_form_memory_size, by sending malicious data in a non-file field of a multipart/form-data request.
Denial of Service (DoS)
Affects
org.webjars.npm:dataloader is an A data loading utility to reduce requests to a backend via batching and caching.
Affected versions of this package are vulnerable to Denial of Service (DoS) via the batching process, when multiple queries can be sent within a single request. An attacker can submit a request containing thousands of aliases in one query.
Recent vulnerabilities disclosed by Snyk
- H
Code Injection in snyk-gradle-plugin (npm)
- H
Code Injection in snyk-php-plugin (npm)
- H
Denial of Service (DoS) in http-proxy-middleware (npm)
- M
Cross-site Scripting (XSS) in markdown-to-jsx (npm)
- C
Remote Code Execution (RCE) in jsonpath-plus (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
