All disclosed vulnerabilities by Snyk

• • C
  Malicious Package in relative-ci-agent (npm)

  Discovered by Viorel Cojocaru
  6 Oct 2025
• • H
  Allocation of Resources Without Limits or Throttling in pdfmake (npm)

  Discovered by Ryusei Ishikawa
  6 Oct 2025
• • H
  Prototype Pollution in algoliasearch-helper (npm)

  Discovered by Yuhan Gao, Peng Zhou
  26 Sept 2025
• • M
  Improper Validation of Syntactic Correctness of Input in github.com/nyaruka/phonenumbers (golang)

  Discovered by Shai Shnaider
  26 Sept 2025
• • L
  Cross-site Scripting (XSS) in jsondiffpatch (npm)

  Discovered by zendive
  3 Sept 2025
• • H
  Prototype Pollution in @nyariv/sandboxjs (npm)

  Discovered by Erwin Chan
  4 Aug 2025
• • C
  SQL Injection in z-push/z-push-dev (composer)

  Discovered by XBOW
  28 Jul 2025
• • H
  Server-Side Request Forgery (SSRF) in ssrfcheck (npm)

  Discovered by Liran Tal
  27 Jul 2025
• • H
  Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in bun (npm)

  Discovered by Liran Tal
  22 Jul 2025
• • H
  Directory Traversal in files-bucket-server (npm)

  Discovered by Liran Tal
  22 Jul 2025