
Vulnerabilities from the last week
Uncontrolled Recursion
mercurius is a GraphQL adapter for Fastify
Affected versions of this package are vulnerable to Uncontrolled Recursion in the subscription queries received over WebSocket connections. An attacker can bypass intended query depth restrictions by submitting deeply nested subscription queries via WebSocket, potentially causing excessive resource consumption and service disruption.
Improperly Implemented Security Check for Standard
fickling is a static analyzer and interpreter for Python pickle data
Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the always_check_safety() function. An attacker can execute arbitrary code by supplying a malicious pickle payload to unprotected deserialization entry points.
Improper Verification of Cryptographic Signature
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the JwtAuthenticator component when handling encrypted JWTs. An attacker can gain unauthorized access by crafting a JWE-wrapped PlainJWT with arbitrary claims if they possess the server's RSA public key, thereby impersonating any user, including administrators.
Recent vulnerabilities disclosed by Snyk
- [C] Arbitrary Code Injection in es-toolkit (npm)
- [M] Cross-site Scripting (XSS) in mailparser (npm)
- [M] Incorrect Control Flow Scoping in @tootallnate/once (npm)
- [C] Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
- [M] Infinite loop in bn.js (npm)
Snyk security researchers have disclosed 3470 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




