We’ve disclosed3416vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Exposed Dangerous Method or Function
Affects
webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only.
Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the __webpack_modules__ object. An attacker can extract sensitive source code by injecting a malicious script into their site that utilizes Function::toString to access and serialize the functions stored within __webpack_modules__.
Note: This is only exploitable if the attacker knows both the specific port and the output entrypoint script path.
SQL Injection
Affects
litellm is a Library to easily interface with LLM API providers
Affected versions of this package are vulnerable to SQL Injection via spend_management_endpoints.py. An attacker could potentially inject malicious SQL code through unsanitized input, leading to unauthorized data access or manipulation.
Exposed Dangerous Method or Function
org.webjars.npm:webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only.
Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the __webpack_modules__ object. An attacker can extract sensitive source code by injecting a malicious script into their site that utilizes Function::toString to access and serialize the functions stored within __webpack_modules__.
Note: This is only exploitable if the attacker knows both the specific port and the output entrypoint script path.
Recent vulnerabilities disclosed by Snyk
- H
Files or Directories Accessible to External Parties in mcp-markdownify-server (npm)- H
Server-Side Request Forgery (SSRF) in mcp-markdownify-server (npm)- M
Incorrect Behavior Order: Early Validation in lockfile-lint-api (npm)- M
Cross-site Scripting (XSS) in raylib (conan)- H
Denial of Service (DoS) in open62541 (conan)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
