All disclosed vulnerabilities by Snyk

• • M
  Cross-site Scripting (XSS) in smoothie (npm)

  Discovered by WofWca
  20 Dec 2022
• • H
  Command Injection in exec-local-bin (npm)

  Discovered by JHU System Security Lab
  20 Dec 2022
• • H
  Command Injection in abacus-ext-cmdline (npm)

  Discovered by JHU System Security Lab
  20 Dec 2022
• • H
  Command Injection in npm-node-utils (npm)

  Discovered by Mingqing Kang
  19 Dec 2022
• • H
  Denial of Service (DoS) in lite-server (npm)

  Discovered by Liran Tal, Snyk
  19 Dec 2022
• • H
  Prototype Pollution in safe-eval (npm)

  Discovered by Yuhan Gao (gyhlelecola@163.com), Peng Zhou (zpbrent@gmail.com)
  19 Dec 2022
• • H
  Directory Traversal in lite-dev-server (npm)

  Discovered by Liran Tal, Snyk
  19 Dec 2022
• • H
  Directory Traversal in easy-static-server (npm)

  Discovered by Liran Tal, Snyk
  19 Dec 2022
• • H
  Command Injection in p4 (npm)

  Discovered by JHU
  19 Dec 2022
• • M
  Arbitrary File Write via Archive Extraction (Zip Slip) in github.com/snapcore/snapd/overlord/snapshotstate/backend (golang)

  Discovered by Sam Sanoop of Snyk Security Team
  15 Dec 2022