Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Malicious Package
Affects
web3-chain-sinon is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Embedded Malicious Code
Affects
dydx-v4-client is a malicious package. Versions of this package were compromised with malicious scripts in core registry files.
Server-side Request Forgery (SSRF)
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the HttpUriPlugin component when HTTP redirects are followed without re-validating the allowed URIs. An attacker can cause unauthorized network requests to internal services and inclusion of untrusted content in build outputs by manipulating import URLs to trigger redirects outside the intended allow-list.
Note:
This is only exploitable if experiments.buildHttp is enabled.
Recent vulnerabilities disclosed by Snyk
- C
Arbitrary Code Injection in jsonpath (npm)- H
CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)- H
CRLF Injection in github.com/lxc/incus/internal/instance (golang)- H
Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)- H
Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)
Snyk security
researchers
have disclosed
3463
vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
