We’ve disclosed3397vulnerabilities
by Snyk Security
Researchers
Upgrade postgresql
to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
peritter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
streamlit is a The fastest way to build data apps in Python
Affected versions of this package are vulnerable to Arbitrary File Upload in the file_uploader.py
widget, which does not enforce uploaded file type restrictions on the server side, even if they are set in the client.
org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization that allows an attacker who can convince a user to follow a malicious link to escape sandbox protections, due to a logic error in the Mojo component. This vulnerability does not enable code execution on its own, but is presumed chainable with another vulnerability to achieve code execution and has been observed in the wild.
Note: This vulnerability is only exploitable on Windows.
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.