Disclosed Vulnerabilities | Snyk

All disclosed vulnerabilities by Snyk

- M
Cross-site Scripting (XSS) in mailparser (npm)
Discovered by Ravishanker Kusuma
2 Mar 2026
- M
Incorrect Control Flow Scoping in @tootallnate/once (npm)
Discovered by Nanak Singh Khurana
2 Mar 2026
- C
Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
Discovered by Nam Vo Thanh, James Nicoll
25 Feb 2026
- M
Infinite loop in bn.js (npm)
Discovered by Kr0emer
19 Feb 2026
- H
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)
Discovered by Wan Amirul Hakim Wan Yuhainis
13 Feb 2026
- M
Regular Expression Denial of Service (ReDoS) in markdown-it (npm)
Discovered by Duc Le Trung
11 Feb 2026
- C
Arbitrary Code Injection in jsonpath (npm)
Discovered by Nick Copi
5 Feb 2026
- H
CRLF Injection in github.com/lxc/incus/v6/internal/instance (golang)
Discovered by rmcnamara-snyk
26 Jan 2026
- H
CRLF Injection in github.com/lxc/incus/internal/instance (golang)
Discovered by rmcnamara-snyk
26 Jan 2026
- H
Directory Traversal in github.com/lxc/incus/v6/internal/server/instance/drivers (golang)
Discovered by rmcnamara-snyk
26 Jan 2026