We’ve disclosed 3 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety
of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities
are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources includes:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Arbitrary File Write via Archive Extraction (Zip Slip)
opencart/opencart
Discovered by Calum Hutton
Recently disclosed vulnerabilities by Snyk
- [M] Cross-site Scripting (XSS) in djangorestframework (pip)
- [H] Arbitrary File Creation in opencart/opencart (composer)
- [H] Arbitrary File Write via Archive Extraction (Zip Slip) in opencart/opencart (composer)
- [L] Reflected Cross-site Scripting in opencart/opencart (composer)
- [L] Reflected Cross-site Scripting in opencart/opencart (composer)
- [L] Reflected Cross-site Scripting in opencart/opencart (composer)
- [H] SQL Injection in opencart/opencart (composer)
- [M] Out-of-bounds Read in pymongo (pip)
- [H] Prototype Pollution in mysql2 (npm)
- [C] Authentication Bypass in pyhawk (pip)