We’ve disclosed 3378 vulnerabilities
by Snyk Security
Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz
package.
electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.
Affected versions of this package are vulnerable to Integer Overflow or Wraparound when decoding videos with a large frame size. An attacker can cause memory corruption within the AV1 decoder by providing a specially crafted video file.
mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models.
Affected versions of this package are vulnerable to Path Traversal due to improper sanitization of user-supplied paths in the artifact deletion functionality. An attacker can delete arbitrary directories on the server's filesystem by exploiting the double decoding process in the _delete_artifact_mlflow_artifacts
handler and local_file_uri_to_path
function. This vulnerability arises from an additional unquote operation in the delete_artifacts
function of local_artifact_repo.py
, which fails to adequately prevent path traversal sequences.
org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.
Affected versions of this package are vulnerable to Improper Access Control in the hotspot/compiler
component. An attacker can compromise data integrity.
Prototype Pollution in lodash (npm)
Prototype Pollution in lodash.zipobjectdeep (npm)
Remote Code Execution (RCE) in mysql2 (npm)
Prototype Poisoning in mysql2 (npm)
Improper Input Validation in mysql2 (npm)
by Snyk Security
Researchers
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.