We’ve disclosed 7 vulnerabilities 🎉
The
Snyk security team
helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work
closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and
efficiently handled in a timely manner.
Our ever-growing list of sources include:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Command Injection
workspace-tools Open this link in a new tab
Discovered by Alessio Della Libera of Snyk Research Team
Prototype Pollution
sds Open this link in a new tab
Discovered by P.Adithya Srinivas, Masudul Hasan Masud Bhuiyan, Cristian-Alexandru Staicu
Prototype Pollution
convict Open this link in a new tab
Discovered by Alessio Della Libera of Snyk Security Team
Recently disclosed vulnerabilities by Snyk
- H
Command Injection in workspace-tools (npm)
- M
Prototype Pollution in sds (npm)
- H
Prototype Pollution in convict (npm)
- H
Denial of Service (DoS) in bignum (npm)
- H
Denial of Service (DoS) in sqlite3 (npm)
- H
Prototype Pollution in dexie (npm)
- M
Access Control Bypass in drupal/core (composer)
- H
Improper Input Validation in drupal/core (composer)
- M
Cross-site Scripting (XSS) in whoogle-search (pip)
- M
Cross-site Scripting (XSS) in s-cart/core (composer)