We’ve disclosed 3368 vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Embedded Malicious Code
Affecting @lottiefiles/lottie-player package, versions
>=2.0.5 <2.0.8
How to fix?
Avoid using all malicious instances of the @lottiefiles/lottie-player package.
Vulnerabilities from the last week
Access Restriction Bypass
Affects
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Access Restriction Bypass due to an inappropriate implementation in the Extensions feature. An attacker can bypass site isolation.
Arbitrary Code Injection
Affects
torchgeo is a TorchGeo: datasets, samplers, transforms, and pre-trained models for geospatial data
Affected versions of this package are vulnerable to Arbitrary Code Injection via the handling of specific data inputs. An attacker can execute arbitrary code on the system.
Session Fixation
org.jenkins-ci.plugins:oic-auth is a Jenkins plugin which lets you login to Jenkins using your own, self-hosted or public openid connect server.
Affected versions of this package are vulnerable to Session Fixation which does not invalidate the existing session on login.
Recent vulnerabilities disclosed by Snyk
- M
Arbitrary Code Execution in dom-iterator (npm)
- H
Directory Traversal in source-map-support (npm)
- M
Cross-site Scripting (XSS) in tarteaucitronjs (npm)
- H
Regular Expression Denial of Service (ReDoS) in cross-spawn (npm)
- M
Reliance on Untrusted Inputs in a Security Decision in sinatra (rubygems)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
