We’ve disclosed 3252 vulnerabilities
by Snyk Security
How to fix?
Upgrade github.com/opencontainers/runc/libcontainer to version 1.1.12 or higher.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when processing a malicious function name with the
apache-superset is a modern, enterprise-ready business intelligence web application.
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File. A user with Alerts & Reports privileges to create Alerts can cause a malicious SQL statement to throw an error and have its contents logged. The error is not properly handled and can expose sensitive data.
org.cloudfoundry.identity:cloudfoundry-identity-scim is a CloudFoundry Identity SCIM package.
Affected versions of this package are vulnerable to Weak Password Recovery Mechanism for Forgotten Password due to improper handling of password reset links, which are not expired after a user updates their current email address. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
Use of Uninitialized Variable in fastecdsa (pip)
Information Exposure in sanitize-html (npm)
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security (golang)
HTTP Header Injection in github.com/greenpau/caddy-security (golang)
Server-side Request Forgery (SSRF) in github.com/greenpau/caddy-security (golang)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.