
Vulnerabilities from the last week
Malicious Package
@mmm-otrade/transaction is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Origin Validation Error
apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package
Affected versions of this package are vulnerable to Origin Validation Error in the SAML authentication process due to improper verification of the origin provided by the client. An attacker can gain unauthorized access to different instances by reusing a SAML response from another instance.
Insertion of Sensitive Information into Log File
org.apache.zookeeper:zookeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via logging ZK configuration properties in the ZKConfig class. An attacker can obtain sensitive information and secrets by accessing client log files where configuration values are written at the INFO logging level.
Recent vulnerabilities disclosed by Snyk
- M: Cross-site Scripting (XSS) in spin.js (npm)
- C: Arbitrary Code Injection in es-toolkit (npm)
- M: Cross-site Scripting (XSS) in mailparser (npm)
- M: Incorrect Control Flow Scoping in @tootallnate/once (npm)
- C: Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
Snyk security researchers have disclosed 3471 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




