We’ve disclosed 3417 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
viryc-hsc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure.
Affected versions of this package are vulnerable to Directory Traversal via the import_flow function. An attacker can access or modify files outside the intended directory by manipulating the File argument in crafted requests.
org.owasp.esapi:esapi is an OWASP project to create simple strong security controls for every web platform.
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements via the encodeForSQL function in the Encoder.java file. An attacker can manipulate SQL queries by supplying specially crafted input containing special elements.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.