We’ve disclosed 3384 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @solana/web3.js package.
solana-stable-web-huks is a malicious package. It contains malicious code that exfiltrates Solana private keys.
strawberry-graphql is a library for creating GraphQL APIs.
Affected versions of this package are vulnerable to Insufficient Type Distinction in the relay integration, which affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). An attacker can access unauthorized data by querying for a specific type through the global node field, which may incorrectly return an instance of a different type that is mapped to the same model.
Note: this is only exploitable if multiple GraphQL types inherit from relay.Node, those types are mapped to the same database model, and the global node field is used for type resolution.
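The advisory above describes the condition but not the mechanism. The block below is an added example, not strawberry's code: a deliberately simplified Relay-style global `node` resolver in plain Python (no strawberry or ORM dependency). The `UserRow` model, the `PublicUser` and `StaffUser` node types, the sample rows and the base64 `TypeName:pk` global ID format are all constructed for the illustration. The vulnerable resolver picks the class to instantiate from the ORM model, so two types mapped to one model collide; the fixed resolver resolves through the type the client named and verifies the result before returning it.

```python
"""Simplified stand-in for a Relay global `node` resolver (added example,
not strawberry's code): two GraphQL node types map to one ORM model."""
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class UserRow:                     # stand-in for one ORM model (constructed)
    pk: int
    username: str
    email: str
    password_hash: str


USER_TABLE = {                     # constructed sample rows, not real data
    1: UserRow(1, "alice", "alice@example.com", "argon2id$constructed-hash-1"),
    2: UserRow(2, "bob", "bob@example.com", "argon2id$constructed-hash-2"),
}


class Node:
    model = None                   # ORM model the node type is mapped to
    exposed = ()                   # fields the GraphQL type makes visible

    def __init__(self, row):
        self.row = row

    def to_dict(self):
        return {name: getattr(self.row, name) for name in self.exposed}

    @classmethod
    def fetch(cls, pk):            # stand-in for model.objects.get(pk=pk)
        return cls(USER_TABLE[pk])


class PublicUser(Node):            # type any client may resolve
    model = UserRow
    exposed = ("pk", "username")


class StaffUser(Node):             # same model, privileged field set
    model = UserRow
    exposed = ("pk", "username", "email", "password_hash")


NODE_TYPES = [PublicUser, StaffUser]
TYPES_BY_NAME = {cls.__name__: cls for cls in NODE_TYPES}


def to_global_id(typename, pk):
    return base64.b64encode(f"{typename}:{pk}".encode()).decode()


def from_global_id(global_id):
    typename, _, pk = base64.b64decode(global_id).decode().partition(":")
    return typename, int(pk)


# Vulnerable pattern: the class to instantiate is chosen by ORM model. Two
# types share one model, so the mapping collapses to whichever type was
# registered last, and the typename in the client's ID no longer decides
# which object (and which field set) comes back.
TYPES_BY_MODEL = {cls.model: cls for cls in NODE_TYPES}   # StaffUser wins


def resolve_node_vulnerable(global_id):
    typename, pk = from_global_id(global_id)
    requested = TYPES_BY_NAME[typename]
    return TYPES_BY_MODEL[requested.model].fetch(pk)


# Fixed pattern: resolve through the type the client actually named, and
# refuse to hand an instance of any other type back to the schema.
def resolve_node_fixed(global_id):
    typename, pk = from_global_id(global_id)
    cls = TYPES_BY_NAME.get(typename)
    if cls is None:
        raise LookupError(f"unknown node type {typename!r}")
    node = cls.fetch(pk)
    if type(node) is not cls:      # defence in depth against integration bugs
        raise LookupError(f"resolver returned {type(node).__name__}, expected {typename}")
    return node


if __name__ == "__main__":
    gid = to_global_id("PublicUser", 1)        # an ID any client can build
    print("vulnerable:", resolve_node_vulnerable(gid).to_dict())
    print("fixed:     ", resolve_node_fixed(gid).to_dict())
```

Run as a script, the vulnerable path leaks `email` and `password_hash` for an ID that only names the public type; the fixed path returns the two public fields. The same collapse works in the other direction (a `StaffUser` ID returning a `PublicUser` instance), which is the "instance of a different type" case the advisory describes.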
org.verapdf:core-arlington is an industry-supported, open source PDF/A validation library.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the CLI when executing policy checks with custom Schematron files, because the policy file is parsed insecurely in the mergeEnabledFeaturesFromPolicy function. An attacker can execute arbitrary code by injecting malicious XSLT code into the policy files.
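Whatever the parser behind a policy check does, the practical mitigation is to refuse the dangerous constructs before the document reaches an entity-resolving or XSLT-executing parser. The block below is an added example, not verapdf's code, and is written in Python rather than Java so it can run stand-alone: it uses the standard-library expat parser to reject any DOCTYPE, entity declaration or external entity reference (the XXE vector), then walks the parsed policy and rejects elements outside an allowlist of namespaces, so XSLT elements cannot be smuggled in. The three policy documents are constructed, the Schematron `pattern`/`id` layout is assumed for the illustration, and the default allowlist (Schematron only) is an assumption to adjust for your own policy files.

```python
"""Pre-parse gate for XML policy/Schematron files (added example, not
verapdf's code): refuse DOCTYPE/entities and non-allowlisted namespaces."""
import xml.parsers.expat
from xml.etree import ElementTree as ET

SCHEMATRON_NS = "http://purl.oclc.org/dsdl/schematron"
XSLT_NS = "http://www.w3.org/1999/XSL/Transform"


class UnsafePolicyFile(ValueError):
    """Raised when a policy file contains a construct the gate refuses."""


def reject_doctype_and_entities(data):
    """Fail fast on the constructs that make XXE possible at all."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafePolicyFile(f"DOCTYPE declaration for <{name}> is not allowed")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafePolicyFile(f"entity declaration {name!r} is not allowed")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafePolicyFile(f"external entity reference to {sysid!r} refused")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)     # exceptions raised in handlers propagate


def load_policy(data, allowed_ns=(SCHEMATRON_NS,)):
    """Return the ids of the Schematron patterns in a policy file, or raise.

    Only called after the entity gate passed, so ElementTree never sees a
    DOCTYPE. Elements in any namespace outside `allowed_ns` (XSLT included)
    are rejected so the file cannot carry executable templates.
    """
    reject_doctype_and_entities(data)
    root = ET.fromstring(data)
    for elem in root.iter():
        ns = elem.tag[1:].split("}", 1)[0] if elem.tag.startswith("{") else ""
        if ns not in allowed_ns:
            raise UnsafePolicyFile(f"element {elem.tag} is outside the allowed namespaces")
    return [p.get("id", "") for p in root.iter(f"{{{SCHEMATRON_NS}}}pattern")]


def gate_verdict(data):
    """Convenience wrapper: 'ok: <ids>' or 'rejected: <reason>'."""
    try:
        return "ok: " + ",".join(load_policy(data))
    except UnsafePolicyFile as exc:
        return f"rejected: {exc}"


# Constructed sample policy files (not real verapdf policies).
BENIGN_POLICY = b"""<?xml version="1.0"?>
<schema xmlns="http://purl.oclc.org/dsdl/schematron">
  <pattern id="fonts-embedded">
    <rule context="//font"><assert test="@embedded='true'">Fonts must be embedded</assert></rule>
  </pattern>
</schema>"""

XXE_POLICY = b"""<?xml version="1.0"?>
<!DOCTYPE schema [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<schema xmlns="http://purl.oclc.org/dsdl/schematron">
  <pattern id="&xxe;"/>
</schema>"""

XSLT_POLICY = b"""<?xml version="1.0"?>
<schema xmlns="http://purl.oclc.org/dsdl/schematron"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <pattern id="smuggled"><xsl:value-of select="'template that should never run'"/></pattern>
</schema>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_POLICY), ("xxe", XXE_POLICY), ("xslt", XSLT_POLICY)):
        print(f"{label:7s} {gate_verdict(doc)}")
```

The gate is deliberately strict: a policy file has no legitimate need for a DOCTYPE, so rejecting the declaration outright is simpler and safer than trying to distinguish harmless internal entities from external ones. The namespace allowlist is the second control; if your policy files legitimately embed elements from other namespaces, extend `allowed_ns` rather than disabling the check.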
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.