All disclosed vulnerabilities by Snyk

• • H
  Server-Side Request Forgery (SSRF) in nossrf (npm)

  Discovered by Liran Tal
  23 Mar 2025
• • H
  Cross-site Scripting (XSS) in phpoffice/phpexcel (composer)

  Discovered by Nikkolai Fernandez
  7 Mar 2025
• • C
  Embedded Malicious Code in cdn-icon-fetcher-help (npm)
  5 Mar 2025
• • C
  Embedded Malicious Code in cdn-icon-fetch (npm)
  5 Mar 2025
• • M
  Insertion of Sensitive Information into Log File in ray (pip)

  Discovered by Letao Jiang
  5 Mar 2025
• • M
  Cross-site Scripting (XSS) in tarteaucitronjs (npm)

  Discovered by François (mably)
  17 Feb 2025
• • C
  Remote Code Execution (RCE) in jsonpath-plus (npm)

  Discovered by Nick Copi
  14 Feb 2025
• • H
  Regular Expression Denial of Service (ReDoS) in parse-duration (npm)

  Discovered by Liran Tal (Snyk Security Research)
  12 Feb 2025
• • M
  Server-side Request Forgery (SSRF) in hackney (hex)

  Discovered by Sam Sanoop
  10 Feb 2025
• • H
  Improper Input Validation in spatie/browsershot (composer)

  Discovered by Chua Jian Shen, Ee Yang Tee
  4 Feb 2025