We’ve disclosed3417vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Directory Traversal
@modelcontextprotocol/server-filesystem is a MCP server for filesystem access
Affected versions of this package are vulnerable to Directory Traversal in the path validation process. An attacker can access unintended files by supplying a path with a colliding prefix that matches an allowed directory.
HTTP Request Smuggling
Affects
Affected versions of this package are vulnerable to HTTP Request Smuggling via incorrect parsing of the trailer section in HTTP requests. An attacker can bypass firewall or proxy protections by crafting specially formed HTTP requests.
Note:
This is exploitable if the pure Python version of aiohttp is installed or the AIOHTTP_NO_EXTENSIONS environment variable is enabled.
Insufficiently Protected Credentials
Affects
Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the storage of authentication tokens in plaintext within config.xml files on the controller. An attacker can gain unauthorized access to sensitive credentials by obtaining Item/Extended Read permissions or direct access to the file system. Additionally, the configuration form does not mask these tokens, allowing them to be observed and captured.
Recent vulnerabilities disclosed by Snyk
- L
Insertion of Sensitive Information into Log File in snyk (npm)- H
Files or Directories Accessible to External Parties in mcp-markdownify-server (npm)- H
Server-Side Request Forgery (SSRF) in mcp-markdownify-server (npm)- M
Incorrect Behavior Order: Early Validation in lockfile-lint-api (npm)- M
Cross-site Scripting (XSS) in raylib (conan)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
