We’ve disclosed 2 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources include:
Vulnerability disclosures and reports sent to us from members of the community
Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
Partnerships with organizations and academic institutions
Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Files or Directories Accessible to External Parties
Affects
Discovered by Raul Onitza-Klugman (Snyk Security Research)
Server-Side Request Forgery (SSRF)
Affects
Discovered by Raul Onitza-Klugman (Snyk Security Research)
Recently disclosed vulnerabilities by Snyk
- L
Insertion of Sensitive Information into Log File in snyk (npm)- H
Files or Directories Accessible to External Parties in mcp-markdownify-server (npm)- H
Server-Side Request Forgery (SSRF) in mcp-markdownify-server (npm)- M
Incorrect Behavior Order: Early Validation in lockfile-lint-api (npm)- M
Cross-site Scripting (XSS) in raylib (conan)- H
Denial of Service (DoS) in open62541 (conan)- M
CRLF Injection in drogon (conan)- H
HTTP Response Splitting in drogon (conan)- M
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in crowcpp-crow (conan)- M
Content Injection in crowcpp-crow (conan)