We’ve disclosed 3290 vulnerabilities
by Snyk Security
Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz
package.
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Privilege Context Switching Error in libuv
's handling of io_uring
operations called before calling setuid()
. This allows users to elevate privileges.
OctoPrint is a snappy web interface for your 3D printer
Affected versions of this package are vulnerable to Authentication Bypass by Spoofing due to the autologinLocal
configuration option. An attacker can bypass authentication controls by spoofing their IP address using the X-Forwarded-For
header.
Note: If autologin is not enabled, this vulnerability does not have any impact.
io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.
Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.
Improper Certificate Validation in componentspace.saml2 (nuget)
Arbitrary Code Injection in mysql2 (npm)
Prototype Pollution in lodash (npm)
Prototype Pollution in lodash.zipobjectdeep (npm)
Remote Code Execution (RCE) in mysql2 (npm)
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.