We’ve disclosed 11 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources includes:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Malicious Package
dropbox-internal-sdk
Discovered by Snyk Research Team
Server-side Request Forgery (SSRF)
link-preview-js
Discovered by Reworr
Recently disclosed vulnerabilities by Snyk
- C: Malicious Package in bb-netlify (npm)
- C: Malicious Package in dropbox-internal-sdk (npm)
- M: Server-side Request Forgery (SSRF) in link-preview-js (npm)
- M: Session Fixation in passport (npm)
- M: Regular Expression Denial of Service (ReDoS) in scss-tokenizer (npm)
- C: Malicious Package in am-annotation-drawing (npm)
- C: Malicious Package in netlify-bb (npm)
- C: Malicious Package in gd-employer-infosite (npm)
- C: Malicious Package in am-screen-recording-permissions (npm)
- H: Command Injection in git-clone (npm)