We’ve disclosed 3213 vulnerabilities
by Snyk Security Researchers
How to fix?
Upgrade curl to version 8.4.0 or higher.
@fastify/reply-from forwards your HTTP request to another server, for fastify.
Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper handling of the Content-Type header with additional whitespace and charset information. An attacker can bypass security checks by crafting a header that exploits this behavior.
alfred3-interact provides components for interactive experiments in the alfred3 framework.
Affected versions of this package are vulnerable to Race Condition via MatchMaker._init_member() which creates a member before its session ID is available in the database.
org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it.
Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges for the rollback action. An attacker can gain rights they no longer have by rolling back to a previous version of a page. This is only exploitable if the attacker has the ability to access the rollback functionality.
Improper Input Validation in follow-redirects (npm)
Prototype Pollution in mockjs (npm)
Insufficient Entropy in pubnub (pub)
Insufficient Entropy in pubnub (cocoapods)
Insufficient Entropy in github.com/pubnub/swift (swift)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.