We’ve disclosed 14 vulnerabilities 🎉

The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources include:

Vulnerability disclosures and reports sent to us from members of the community
Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
Partnerships with organizations and academic institutions
Research done internally by the Snyk Security Team

Report a new vulnerability

Featured disclosed vulnerabilities

Denial of Service (DoS)

Affects

graphql

Discovered by Tadhg Lewis

Arbitrary Argument Injection

Affects

blamer

Discovered by Liran Tal

Denial of Service (DoS)

Affects

sidekiq

Discovered by Keegan Parr

Recently disclosed vulnerabilities by Snyk

- M
Denial of Service (DoS) in graphql (npm)

Discovered by Tadhg Lewis

19 Sep 2023
- M
Arbitrary Argument Injection in blamer (npm)

Discovered by Liran Tal

18 Sep 2023
- M
Denial of Service (DoS) in sidekiq (rubygems)

Discovered by Keegan Parr

12 Sep 2023
- M
Cross-site Scripting (XSS) in @excalidraw/excalidraw (npm)

Discovered by Eugene Lim, The MOps Team

15 Aug 2023
- L
Undesired Behavior in moq (nuget)

Discovered by DinglDanglBob

9 Aug 2023
- H
Prototype Pollution in underscore-keypath (npm)

Discovered by Peng Zhou, Yuhan Gao

31 Jul 2023
- M
Prototype Pollution in tough-cookie (npm)

Discovered by Kokorin Vsevolod

30 Jun 2023
- L
Improper Interaction Between Multiple Correctly-Behaving Entities in darcyclarke-manifest-pkg (npm)

Discovered by Darcy Clarke

29 Jun 2023
- H
Prototype Pollution in flatnest (npm)

Discovered by Yuhan Gao, Peng Zhou

29 Jun 2023
- C
Command Injection in git-commit-info (npm)

Discovered by Feng Xiao

27 Jun 2023

View all vulnerabilities disclosed by Snyk