We’ve disclosed 7 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources includes:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Missing Origin Validation in WebSockets
code-server
Discovered by Elliot W - Snyk Research Team
Recently disclosed vulnerabilities by Snyk
- M: Regular Expression Denial of Service (ReDoS) in word-wrap (npm)
- H: Missing Origin Validation in WebSockets in code-server (npm)
- H: Prototype Pollution in collection.js (npm)
- C: Malicious Package in ul-mailru (npm)
- C: Malicious Package in stats-collect-components (npm)
- C: Malicious Package in github-repos-searching (npm)
- C: Malicious Package in parallel-workers (npm)
- C: Malicious Package in hoots-lib (npm)
- C: Malicious Package in @testing_security/toxic-pkg-dont-use (npm)
- C: Malicious Package in tiaa-web-ui-core (npm)