We’ve disclosed 7 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources includes:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Regular Expression Denial of Service (ReDoS)
url-regex
Discovered by yousukezan
Command Injection
workspace-tools
Discovered by Alessio Della Libera of Snyk Research Team
Recently disclosed vulnerabilities by Snyk
- [M] Regular Expression Denial of Service (ReDoS) in url-regex (pip)
- [H] Denial of Service (DoS) in dicer (npm)
- [H] Command Injection in workspace-tools (npm)
- [M] Prototype Pollution in sds (npm)
- [H] Prototype Pollution in convict (npm)
- [H] Denial of Service (DoS) in bignum (npm)
- [H] Denial of Service (DoS) in sqlite3 (npm)
- [H] Prototype Pollution in dexie (npm)
- [M] Access Control Bypass in drupal/core (composer)
- [H] Improper Input Validation in drupal/core (composer)