All disclosed vulnerabilities by Snyk

• • C
  Remote Code Execution (RCE) in @whyour/qinglong (npm)

  Discovered by Edward W
  12 Mar 2026
• • M
  Cross-site Scripting (XSS) in spin.js (npm)

  Discovered by Eric Cornelissen, Samuel Kajava
  10 Mar 2026
• • C
  Arbitrary Code Injection in es-toolkit (npm)

  Discovered by Makoto Maeda
  9 Mar 2026
• • M
  Cross-site Scripting (XSS) in mailparser (npm)

  Discovered by Ravishanker Kusuma
  2 Mar 2026
• • M
  Incorrect Control Flow Scoping in @tootallnate/once (npm)

  Discovered by Nanak Singh Khurana
  2 Mar 2026
• • C
  Arbitrary Code Injection in unisharp/laravel-filemanager (composer)

  Discovered by Nam Vo Thanh, James Nicoll
  25 Feb 2026
• • M
  Infinite loop in bn.js (npm)

  Discovered by Kr0emer
  19 Feb 2026
• • H
  Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)

  Discovered by Wan Amirul Hakim Wan Yuhainis
  13 Feb 2026
• • M
  Regular Expression Denial of Service (ReDoS) in markdown-it (npm)

  Discovered by Duc Le Trung
  11 Feb 2026
• • C
  Arbitrary Code Injection in jsonpath (npm)

  Discovered by Nick Copi
  5 Feb 2026