We’ve disclosed 3277 vulnerabilities by Snyk Security Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz package.
trip-component-platform-online-region-selector is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the authorship of this package.
pdoc is an API documentation generator for Python projects.
Affected versions of this package are vulnerable to Dependency on Vulnerable Third-Party Component which is accessible if the --math option is used to generate documents. A request is made to retrieve JavaScript code from the domain polyfill.io, which has been found to serve malicious code.
org.dspace:dspace is a digital asset management system that powers Institutional Repositories
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when loading Bitstream documents including HTML, XML or JavaScript, which may be inlined and executed in the browser rather than downloaded as-is. A user with Submitter privilege can cause JavaScript to be executed in another user's browser session by convincing another authenticated user to download a malicious file.
Note: Existing DSpace CORS and CSRF protections limit the impact of this vulnerability.
Cross-site Scripting (XSS) in djangorestframework (pip)
Arbitrary File Creation in opencart/opencart (composer)
Arbitrary File Write via Archive Extraction (Zip Slip) in opencart/opencart (composer)
Reflected Cross-site Scripting in opencart/opencart (composer)
Reflected Cross-site Scripting in opencart/opencart (composer)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.