We’ve disclosed 3449 vulnerabilities by Snyk Security Researchers
Upgrade react-server-dom-webpack to version 19.0.1, 19.1.2, 19.2.1 or higher.
@anthropic-ai/sandbox-runtime is an Anthropic Sandbox Runtime (ASRT) - A general-purpose tool for wrapping security boundaries around arbitrary processes
Affected versions of this package are vulnerable to Protection Mechanism Failure due to improper enforcement of network sandboxing in the sandboxing logic. An attacker can bypass intended network restrictions by executing code that initiates network requests to unauthorized domains.
Note: This is only exploitable if the sandbox policy does not configure any allowed domains.
composio-core is a Core package to act as a bridge between composio platform and other services.
Affected versions of this package are vulnerable to Directory Traversal via the _download_file_or_dir function. An attacker can access sensitive files outside the intended directory by supplying crafted input paths.
Affected versions of this package are vulnerable to Open Redirect in the Shiro web login for logged-in users with incorrect permissions. An attacker can redirect users to malicious websites by crafting specially designed URLs.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.