We’ve disclosed 3603 vulnerabilities
by Snyk Security Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz package.
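vxe-table is a Vue-based PC table component that supports create/read/update/delete operations, virtual trees, column drag-and-drop, lazy loading, shortcut menus, data validation, tree structures, print and export, custom templates, renderers, JSON-based configuration...
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the export function. An attacker can inject malicious scripts by manipulating the inputValue argument.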
matlab-proxy is a Python® package that enables you to launch MATLAB® and access it from a web browser.
Affected versions of this package are vulnerable to Improper Authentication where token authentication is invalidated due to cookie overlap from other servers operating on different ports within the same domain.
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the File Rename Handler. An attacker can inject malicious scripts by manipulating the input field.
Authentication Bypass in pyhawk (pip)
Authentication Bypass in hawkauthlib (pip)
Authentication Bypass in hawk (npm)
Improper Certificate Validation in componentspace.saml2 (nuget)
Arbitrary Code Injection in mysql2 (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.