We’ve disclosed 3408 vulnerabilities by Snyk Security Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz package.
@bit/loader is a Framework for building module loaders with very little effort for noobs
Affected versions of this package are vulnerable to Prototype Pollution via the M function e argument in index.js. An attacker can execute arbitrary code by exploiting this vulnerability.
omero-web is an OMERO.web
Affected versions of this package are vulnerable to Improper Input Validation via the callback parameter. An attacker can exploit this vulnerability by passing a maliciously crafted payload to various endpoints with JSONP enabled.
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to the lack of dynamic permissions. An attacker can gain unauthorized access to sensitive information by exploiting insecure direct object references.
Authentication Bypass in pyhawk (pip)
Authentication Bypass in hawkauthlib (pip)
Authentication Bypass in hawk (npm)
Improper Certificate Validation in componentspace.saml2 (nuget)
Arbitrary Code Injection in mysql2 (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.