We’ve disclosed 8 vulnerabilities 🎉

The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources include:

Vulnerability disclosures and reports sent to us from members of the community
Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
Partnerships with organizations and academic institutions
Research done internally by the Snyk Security Team

Report a new vulnerability

Featured disclosed vulnerabilities

Directory Traversal

Affects

static-server

Discovered by Liran Tal - Snyk Research Team

Denial of Service (DoS)

Affects

asyncua

Discovered by Tran Van Arthur

Improper Authentication

Affects

asyncua

Discovered by Tran Van Arthur

Recently disclosed vulnerabilities by Snyk

- H
Directory Traversal in static-server (npm)

Discovered by Liran Tal - Snyk Research Team

2 Oct 2023
- M
Denial of Service (DoS) in asyncua (pip)

Discovered by Tran Van Arthur

2 Oct 2023
- M
Improper Authentication in asyncua (pip)

Discovered by Tran Van Arthur

2 Oct 2023
- M
Cross-site Scripting (XSS) in quill-mention (npm)

Discovered by Cameron Foale

27 Sep 2023
- H
Command Injection in pydash (pip)

Discovered by Calum Hutton

26 Sep 2023
- M
Denial of Service (DoS) in graphql (npm)

Discovered by Tadhg Lewis

19 Sep 2023
- M
Arbitrary Argument Injection in blamer (npm)

Discovered by Liran Tal

18 Sep 2023
- M
Denial of Service (DoS) in sidekiq (rubygems)

Discovered by Keegan Parr

12 Sep 2023
- M
Cross-site Scripting (XSS) in @excalidraw/excalidraw (npm)

Discovered by Eugene Lim, The MOps Team

15 Aug 2023
- L
Undesired Behavior in moq (nuget)

Discovered by DinglDanglBob

9 Aug 2023

View all vulnerabilities disclosed by Snyk