We’ve disclosed 2338 vulnerabilities
by Snyk Security
Researchers
Open Source Vulnerability Database
The most comprehensive, accurate, and timely database for open source vulnerabilities.
Buffer Overflow
Affecting openssl package, versions
[3.0.0,3.0.7)
How to fix?
Upgrade openssl to version 3.0.7 or higher.
Vulnerabilities from the last week
Directory Traversal
Affects
serve-lite is an a lightweight http-server for static file-based web development
Affected versions of this package are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
Cross-site Request Forgery (CSRF)
Affects
modoboa is a Mail hosting made simple
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the remove_permission() function in views/identity.py, accessible via the /admin endpoint.
Arbitrary File Write via Archive Extraction (Zip Slip)
Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) as there are no validations that zip files being unpacked have entries that are not maliciously writing outside of the intended destination directory.
Recent vulnerabilities disclosed by Snyk
- H
Directory Traversal in serve-lite (npm)
- M
Cross-site Scripting (XSS) in serve-lite (npm)
- M
Regular Expression Denial of Service (ReDoS) in ua-parser-js (npm)
- H
Directory Traversal in onnx (pip)
- C
Remote Code Execution (RCE) in com.bstek.uflo:uflo-core (maven)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
