
Vulnerabilities from the last week
Inclusion of Sensitive Information in Source Code
shakapacker: Use webpack to manage app-like JavaScript modules in Rails.
Affected versions of this package are vulnerable to Inclusion of Sensitive Information in Source Code via the EnvironmentPlugin, which exposed all build environment variables. An attacker can access sensitive environment variables, including credentials and API keys, by inspecting client-side JavaScript bundles that have embedded these values.
Missing Release of Resource after Effective Lifetime
nicegui: Create web-based user interfaces with Python. The nice way.
Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handle_disconnect() function, when using the Redis backend for tab storage. An attacker can cause service degradation and loss of persistent storage functionality by repeatedly opening and closing browser tabs, which exhausts available Redis connections.
Improper Neutralization of Special Elements Used in a Template Engine
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the getTemplate function. An attacker can execute arbitrary code on the server by injecting malicious FreeMarker templates through the email template editing API when authenticated with administrative privileges.
Note: This is only exploitable if the attacker has access to an account with admin-level permissions.
Recent vulnerabilities disclosed by Snyk
- H: Prototype Pollution in pace-js (npm)
- C: Remote Code Execution (RCE) in n8n-workflow (npm)
- C: Remote Code Execution (RCE) in n8n-nodes-base (npm)
- C: Remote Code Execution (RCE) in @n8n/config (npm)
- M: Cross-site Request Forgery (CSRF) in fastapi-sso (pip)
Snyk security researchers have disclosed 3455 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




