We’ve disclosed 3357 vulnerabilities
by Snyk Security Researchers
How to fix?
There is no fixed version for OpenPrinting/cups-browsed.
@saltcorn/plugins-loader is a Saltcorn plugin loader.
Affected versions of this package are vulnerable to OS Command Injection through the child_process.execSync function. An attacker can execute arbitrary commands on the server by injecting malicious input into the plugin name field during the plugin creation process.
python-semantic-release provides automatic semantic versioning for Python projects.
Affected versions of this package are vulnerable to Path Traversal in the RuntimeContext class of the semantic_release/cli/config.py file. The issue stems from using Path.resolve() without Path.absolute(), which may return relative paths on Windows for non-existent directories. This could allow attackers to access or modify files outside the intended repository directory.
Note: This only affects Windows users.
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption due to the mishandling of unbalanced comment strings in JSONTokener.java. An attacker can execute arbitrary code or cause a denial of service by injecting malformed input that exploits this flaw.
Arbitrary Argument Injection in ggit (npm)
Command Injection in ggit (npm)
Malicious Package in braintree_express_example (npm)
Malicious Package in braintree.github.io (npm)
Malicious Package in annotation-app (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.