We’ve disclosed3450vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Arbitrary Code Injection
Affecting react-server-dom-webpack package, versions >=19.0.0-rc.0 <19.0.1 , >=19.1.0 <19.1.2 , >=19.2.0 <19.2.1
How to fix?
Upgrade react-server-dom-webpack to version 19.0.1, 19.1.2, 19.2.1 or higher.
Vulnerabilities from the last week
Inadequate Encryption Strength
Affects
altcha is a Privacy-first CAPTCHA widget, compliant with global regulations (GDPR/HIPAA/CCPA/LGDP/DPDPA/PIPL) and WCAG accessible. No tracking, self-verifying.
Affected versions of this package are vulnerable to Inadequate Encryption Strength in the Proof of Work obfuscation scheme. An attacker can recover sensitive nonce values by performing mathematical deduction in constant time.
Deserialization of Untrusted Data
Affects
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer component. An attacker can execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data by providing specially crafted serialized input.
Inadequate Encryption Strength
Affects
org.webjars.npm:altcha is a Privacy-first CAPTCHA widget, compliant with global regulations (GDPR/HIPAA/CCPA/LGDP/DPDPA/PIPL) and WCAG accessible. No tracking, self-verifying.
Affected versions of this package are vulnerable to Inadequate Encryption Strength in the Proof of Work obfuscation scheme. An attacker can recover sensitive nonce values by performing mathematical deduction in constant time.
Recent vulnerabilities disclosed by Snyk
- M
Cross-site Scripting (XSS) in @tiptap/extension-link (npm)- H
Incomplete Filtering of One or More Instances of Special Elements in validator (npm)- C
Prototype Pollution in expr-eval (npm)- C
Prototype Pollution in expr-eval-fork (npm)- H
Arbitrary Argument Injection in cloudinary (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
