Snyk Vulnerability Database

The leading database for open source vulnerabilities and cloud misconfigurations.

Embedded Malicious Code

Affecting ngx-bootstrap package, versions =18.1.4 , =19.0.3 , =19.0.4 , =20.0.3 , =20.0.4 , =20.0.5 , =20.0.6

How to fix?

Avoid using all malicious instances of the ngx-bootstrap package.

Vulnerabilities from the last week

cui-travel-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.

Incorrect Authorization

Affects

authlib [,1.6.4)

authlib is a library in building OAuth and OpenID Connect servers.

Affected versions of this package are vulnerable to Incorrect Authorization via the deserialize_compact function. An attacker can bypass intended authorization policies by crafting a signed token with unknown critical header parameters, which are improperly accepted and processed.

Cross-site Scripting (XSS)

Affects

com.liferay:com.liferay.change.tracking.service [,3.0.91)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Name text field in the publication process. An attacker can execute arbitrary web scripts or HTML in the context of a user's browser by injecting a crafted payload.

Recent vulnerabilities disclosed by Snyk

- L
Cross-site Scripting (XSS) in jsondiffpatch (npm)
Discovered by zendive
3 Sept 2025
- H
Prototype Pollution in @nyariv/sandboxjs (npm)
Discovered by Erwin Chan
4 Aug 2025
- C
SQL Injection in z-push/z-push-dev (composer)
Discovered by XBOW
28 Jul 2025
- H
Server-Side Request Forgery (SSRF) in ssrfcheck (npm)
Discovered by Liran Tal
27 Jul 2025
- H
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in bun (npm)
Discovered by Liran Tal
22 Jul 2025

We’ve disclosed
3433
vulnerabilities

by Snyk Security
Researchers

See all Snyk disclosed vulnerabilities

Report a new vulnerability

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.