
Vulnerabilities from the last week
Use of a Broken or Risky Cryptographic Algorithm
parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js.
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the Google authentication. An attacker can gain unauthorized access to any user account linked with Google authentication by forging a JWT token with alg set to "none". This is only exploitable if Google authentication is enabled.
Incomplete List of Disallowed Inputs
fickling is a static analyzer and interpreter for Python pickle data.
Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the is_likely_safe(), check_safety(), --check-safety, always_check_safety() and check_safety() interfaces. An attacker can execute arbitrary code, open network connections, create files, or establish backdoor listeners by crafting malicious pickle files that exploit the bypass in the safety checks.
Cross-site Scripting (XSS)
org.webjars.npm:svelte is a package for building web applications.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary scripts in the context of the application by injecting malicious HTML as the initial value when untrusted data is rendered.
Recent vulnerabilities disclosed by Snyk
- C: Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
- M: Infinite loop in bn.js (npm)
- H: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)
- M: Regular Expression Denial of Service (ReDoS) in markdown-it (npm)
- C: Arbitrary Code Injection in jsonpath (npm)
Snyk security researchers have disclosed 3467 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




