All disclosed vulnerabilities by Snyk

• • M
  Infinite loop in bn.js (npm)

  Discovered by Kr0emer
  19 Feb 2026
• • H
  Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)

  Discovered by Wan Amirul Hakim Wan Yuhainis
  13 Feb 2026
• • M
  Regular Expression Denial of Service (ReDoS) in markdown-it (npm)

  Discovered by Duc Le Trung
  11 Feb 2026
• • C
  Arbitrary Code Injection in jsonpath (npm)

  Discovered by Nick Copi
  5 Feb 2026
• • H
  CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)

  Discovered by rmcnamara-snyk
  26 Jan 2026
• • H
  CRLF Injection in github.com/lxc/incus/internal/instance (golang)

  Discovered by rmcnamara-snyk
  26 Jan 2026
• • H
  Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)

  Discovered by rmcnamara-snyk
  26 Jan 2026
• • H
  Directory Traversal in github.com/lxc/incus/internal/server/instance/drivers (golang)

  Discovered by rmcnamara-snyk
  26 Jan 2026
• • M
  Regular Expression Denial of Service (ReDoS) in diff (npm)

  Discovered by Guiyi He
  22 Jan 2026
• • M
  Stored XSS in net.sourceforge.plantuml:plantuml (maven)

  Discovered by Catalin Iovita (Snyk Security Research)
  15 Jan 2026