All disclosed vulnerabilities by Snyk

• • C
  Remote Code Execution (RCE) in jsonpath-plus (npm)

  Discovered by Nick Copi
  14 Feb 2025
• • H
  Regular Expression Denial of Service (ReDoS) in parse-duration (npm)

  Discovered by Liran Tal (Snyk Security Research)
  12 Feb 2025
• • M
  Server-side Request Forgery (SSRF) in hackney (hex)

  Discovered by Sam Sanoop
  10 Feb 2025
• • H
  Improper Input Validation in spatie/browsershot (composer)

  Discovered by Chua Jian Shen, Ee Yang Tee
  4 Feb 2025
• • H
  Arbitrary File Upload in cockpit-hq/cockpit (composer)

  Discovered by Chi Siang Choo
  4 Feb 2025
• • H
  Improper Input Validation in spatie/browsershot (composer)

  Discovered by Ee Yang Tee
  4 Feb 2025
• • H
  Arbitrary Code Execution in masuit.tools.abstractions (nuget)

  Discovered by Keyang Yin, zpbrent(zhou peng@shu)
  16 Jan 2025
• • H
  Improper Input Validation in spatie/browsershot (composer)

  Discovered by Ahmad Shauqi
  19 Dec 2024
• • H
  Prototype Pollution in bun (npm)

  Discovered by Liran Tal - Snyk Research Team
  16 Dec 2024
• • H
  Directory Traversal in spatie/browsershot (composer)

  Discovered by Jian Shen Chua
  16 Dec 2024