We’ve disclosed 14 vulnerabilities 🎉
The Snyk security team helps disclose many vulnerabilities every month, in key packages across a variety
of ecosystems. We work closely with open source package maintainers in order to ensure all vulnerabilities
are responsibly and efficiently handled in a timely manner.
Our ever-growing list of sources includes:
- Vulnerability disclosures and reports sent to us from members of the community
- Vulnerabilities we've uncovered by monitoring security chatter and trends across open source ecosystems
- Partnerships with organizations and academic institutions
- Research done internally by the Snyk Security Team
Featured disclosed vulnerabilities
Recently disclosed vulnerabilities by Snyk
- [M] Cross-site Scripting (XSS) in livewire/livewire (composer)
- [M] Regular Expression Denial of Service (ReDoS) in black (pip)
- [H] Command Injection in pdf-image (npm)
- [H] Use of Uninitialized Variable in fastecdsa (pip)
- [M] Information Exposure in sanitize-html (npm)
- [M] Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security (golang)
- [M] HTTP Header Injection in github.com/greenpau/caddy-security (golang)
- [M] Server-side Request Forgery (SSRF) in github.com/greenpau/caddy-security (golang)
- [M] Open Redirect in github.com/greenpau/caddy-security (golang)
- [M] Cross-site Scripting (XSS) in github.com/greenpau/caddy-security (golang)