We’ve disclosed 3267 vulnerabilities
by Snyk Security Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz package.
pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5.
Affected versions of this package are vulnerable to Arbitrary Code Injection in font_loader.js, which passes input to the eval() function when the default isEvalSupported option is in use. An attacker can execute code by convincing a user to open a malicious PDF file.
gradio is a Python library for easily interacting with trained machine learning models.
Affected versions of this package are vulnerable to Improper Access Control due to the improper consideration of the _is_server_fn attribute. An attacker can execute unauthorized functions by exploiting this oversight.
org.webjars.bowergithub.mozilla:pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5.
Affected versions of this package are vulnerable to Arbitrary Code Injection in font_loader.js, which passes input to the eval() function when the default isEvalSupported option is in use. An attacker can execute code by convincing a user to open a malicious PDF file.
Improper Certificate Validation in componentspace.saml2 (nuget)
Arbitrary Code Injection in mysql2 (npm)
Prototype Pollution in lodash (npm)
Prototype Pollution in lodash.zipobjectdeep (npm)
Remote Code Execution (RCE) in mysql2 (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.