We've disclosed 3417 vulnerabilities
by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
mcp-remote is a remote proxy for the Model Context Protocol, allowing local-only clients to connect to remote servers using OAuth.
Affected versions of this package are vulnerable to Command Injection via the function sanitizeUrlz in the file utils.ts. An attacker can execute arbitrary system commands by tricking a user into connecting to a malicious MCP server.
lightrag-hku is LightRAG (Simple and Fast Retrieval-Augmented Generation).
Affected versions of this package are vulnerable to Directory Traversal via the upload_to_input_dir function in the file api/routers/document_routes.py. An attacker can access or modify files outside the intended directory by manipulating the file.filename argument during file upload.
Affected versions of this package are vulnerable to Insufficiently Protected Credentials: authentication tokens are stored in plaintext within config.xml files on the controller. An attacker can gain unauthorized access to these sensitive credentials by obtaining Item/Extended Read permissions or direct access to the file system. Additionally, the configuration form does not mask these tokens, allowing them to be observed and captured.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.