We’ve disclosed3413vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Malicious Package
Affects
slimdx is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
Deserialization of Untrusted Data
Affects
vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Mooncake integration. An attacker can execute arbitrary code by sending malicious payloads to a pickle based deserialization method over unsecured ZeroMQ sockets.
Note: This is only exploitable if the vLLM instance is configured to use the mooncake integration.
Cross-site Request Forgery (CSRF)
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the REST server. An attacker can execute commands as the user by producing a malicious link that, if clicked while the user is logged in, exploits the server.
Recent vulnerabilities disclosed by Snyk
- M
Cross-site Scripting (XSS) in raylib (conan)- H
Denial of Service (DoS) in open62541 (conan)- M
CRLF Injection in drogon (conan)- H
HTTP Response Splitting in drogon (conan)- M
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in crowcpp-crow (conan)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
