We’ve disclosed3432vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Regular Expression Denial of Service (ReDoS)
Affects
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the globEscape function. An attacker can send specially crafted inputs that exploit inefficient regular expression complexity.
NULL Pointer Dereference
Affects
Affected versions of this package are vulnerable to NULL Pointer Dereference via the getShaderNodes() function. An attacker can cause a crash by providing a specially crafted MTLX file that triggers a null pointer dereference during shader node parsing.
Cross-site Scripting (XSS)
Affects
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Overview tab error message handling process. An attacker can execute arbitrary JavaScript code in the context of the affected user's browser by injecting malicious payloads into error messages that are improperly sanitized.
Recent vulnerabilities disclosed by Snyk
- H
Prototype Pollution in @nyariv/sandboxjs (npm)- C
SQL Injection in z-push/z-push-dev (composer)- H
Server-Side Request Forgery (SSRF) in ssrfcheck (npm)- H
- H
Directory Traversal in files-bucket-server (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
