We’ve disclosed 3360 vulnerabilities
by Snyk Security Researchers
How to fix?
There is no fixed version for OpenPrinting/cups-browsed.
ethers-test is a malicious package. This package contains malicious code that attempts to steal sensitive data from the victim, such as Ethereum private keys, and to gain SSH access to the victim's machine.
deepspeed is a DeepSpeed library
Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of unauthorized commands or code. An attacker can execute arbitrary code on the system by sending crafted inputs to the affected function.
org.webjars.npm:markdown-to-jsx is a lightweight, customizable React markdown component.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.
Denial of Service (DoS) in http-proxy-middleware (npm)
Cross-site Scripting (XSS) in markdown-to-jsx (npm)
Remote Code Execution (RCE) in jsonpath-plus (npm)
Arbitrary Argument Injection in ggit (npm)
Command Injection in ggit (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.