
Explore packages and vulnerabilities by …
Operating system
Infrastructure as Code
Vulnerabilities from the last week
Cross-site Scripting (XSS)
trix is a Rich Text Editor.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-trix-serialized-attributes attribute bypassing the DOMPurify sanitizer. An attacker can execute arbitrary JavaScript code within the user's session by crafting HTML containing a malicious payload in this attribute, potentially leading to unauthorized actions or disclosure of sensitive information when the content is rendered.
Cross-site Scripting (XSS)
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the upload of a .prologue.html file when a crafted URL is accessed. An attacker can execute arbitrary JavaScript in the context of another user's session by uploading a malicious .prologue.html file and tricking a victim into clicking a specially crafted link.
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the JEXL dependency. An attacker can execute arbitrary commands, access sensitive data, or disrupt service by submitting specially crafted input.
Recent vulnerabilities disclosed by Snyk
- Improper Handling of Case Sensitivity in @whyour/qinglong (npm): C
- Remote Code Execution (RCE) in @whyour/qinglong (npm): C
- Cross-site Scripting (XSS) in spin.js (npm): M
- Arbitrary Code Injection in es-toolkit (npm): C
- Cross-site Scripting (XSS) in mailparser (npm): M
Snyk security researchers have disclosed 3473 vulnerabilities.
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.