We’ve disclosed 3374 vulnerabilities
by Snyk Security Researchers
How to fix?
Upgrade github.com/opencontainers/runc/libcontainer to version 1.1.12 or higher.
@thi.ng/paths provides immutable, optimized and optionally typed path-based object property / array accessors with structural sharing.
Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources due to the improper handling of object properties in the mutIn and mutInManyUnsafe components. An attacker can execute arbitrary code on the victim's system by supplying a specially crafted object.
ansys-geometry-core is a Python wrapper for the Ansys Geometry service.
Affected versions of this package are vulnerable to OS Command Injection due to the improper handling of user input in the _start_program method. An attacker can execute arbitrary commands on the system by manipulating the input parameters to this method.
org.webjars.npm:express is a WebJar for express.
Affected versions of this package are vulnerable to Open Redirect due to the implementation of URL encoding using encodeurl before passing it to the location header. This can lead to unexpected evaluations of malformed URLs by common redirect allow list implementations in applications, allowing an attacker to bypass a properly implemented allow list and redirect users to malicious sites.
Prototype Pollution in web3-utils (npm)
Cross-site Scripting (XSS) in livewire/livewire (composer)
Regular Expression Denial of Service (ReDoS) in black (pip)
Command Injection in pdf-image (npm)
Use of Uninitialized Variable in fastecdsa (pip)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.