We’ve disclosed 3255 vulnerabilities
by Snyk Security Researchers
How to fix?
Upgrade github.com/opencontainers/runc/libcontainer to version 1.1.12 or higher.
frosmo-react is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and the authorship of this package.
designate is a DNS as a Service package.
Affected versions of this package are vulnerable to Insufficient Granularity of Access Control, where private configuration information, including access keys to BIND, was made world-readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.
Note: This is the same as CVE-2024-22243, but with different input.
Cross-site Scripting (XSS) in livewire/livewire (composer)
Regular Expression Denial of Service (ReDoS) in black (pip)
Command Injection in pdf-image (npm)
Use of Uninitialized Variable in fastecdsa (pip)
Information Exposure in sanitize-html (npm)