We’ve disclosed 1506 vulnerabilities
by Snyk Security
Researchers
Open Source Vulnerability Database
The most comprehensive, accurate, and timely database for open source vulnerabilities.
Remote Code Execution
Affecting org.springframework:spring-beans package, versions
[ ,5.2.20) , [5.3.0, 5.3.18)
How to fix?
Upgrade org.springframework:spring-beans to version 5.2.20, 5.3.18 or higher.
Vulnerabilities from the last week
Regular Expression Denial of Service (ReDoS)
scniro-validator is an a simple email validator with corrective action capabilities
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when validating crafted invalid emails
Malicious Package
hkg-sol-utils is a malicious package. It uploaded secrets such as AWS keys and environment variables to a web endpoint.
Cross-site Scripting (XSS)
org.webjars.npm:parse-url is an An advanced url parser supporting git urls too.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of special characters for ASCII that start with \x and also for all Unicodes start with \u.
Recent vulnerabilities disclosed by Snyk
- M
Server-side Request Forgery (SSRF) in link-preview-js (npm)
- M
Session Fixation in passport (npm)
- M
Regular Expression Denial of Service (ReDoS) in scss-tokenizer (npm)
- C
Malicious Package in am-annotation-drawing (npm)
- C
Malicious Package in netlify-bb (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
