We’ve disclosed 2308 vulnerabilities
by Snyk Security
Researchers
Open Source Vulnerability Database
The most comprehensive, accurate, and timely database for open source vulnerabilities.
Buffer Overflow
Affecting openssl package, versions
[3.0.0,3.0.7)
How to fix?
Upgrade openssl to version 3.0.7 or higher.
Vulnerabilities from the last week
Directory Traversal
Affects
static-dev-server is an A simple http server to serve static resource files from a local directory and auto reload when file change.
Affected versions of this package are vulnerable to Directory Traversal. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
Arbitrary Code Injection
Affects
paddlepaddle is a Parallel Distributed Deep Learning
Affected versions of this package are vulnerable to Arbitrary Code Injection via paddle.audio.functional.get_window because it calls eval on a user-supplied winstr.
Access Restriction Bypass
io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.
Affected versions of this package are vulnerable to Access Restriction Bypass via the CORS filter which allows simple GET and POST requests with invalid Origin to proceed.
Recent vulnerabilities disclosed by Snyk
- M
Session Fixation in tribalsystems/zenario (composer)
- M
Command Injection in snyk-gradle-plugin (npm)
- M
Command Injection in snyk-docker-plugin (npm)
- M
Command Injection in snyk-mvn-plugin (npm)
- M
Command Injection in @snyk/snyk-cocoapods-plugin (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
