
Snyk Vulnerability Database

The leading database for open source vulnerabilities and cloud misconfigurations.

Improper Neutralization of Quoting Syntax

Affecting postgresql package, versions [,13.19), [14.0,14.16), [15.0,15.11), [16.0,16.7), [17.0,17.3)

How to fix?

Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.


Vulnerabilities from the last week

Improper Authorization


next is a React framework.

Affected versions of this package are vulnerable to Improper Authorization due to the improper handling of the x-middleware-subrequest header. An attacker can bypass authorization checks by sending crafted requests containing this specific header.

Unsafe Dependency Resolution

Affects kedro [0,]

This issue was found to be a duplicate. The original vulnerability with details can be found here: https://security.snyk.io/vuln/

… via the pull_package API function. An attacker can execute arbitrary commands on the victim's machine by exploiting the project_wheel_metadata function to execute the setup.py file inside the tar file.

Note:

This vulnerability bypasses the protections newly implemented through the safe_extract() function.

Denial of Service (DoS)


Affected versions of this package are vulnerable to Denial of Service (DoS) through the run_tool command which exposes classes in the water.tools package via the ast parser. An attacker can shut down the server and write large files to arbitrary directories by exploiting the XGBoostLibExtractTool class.

Recent vulnerabilities disclosed by Snyk

We’ve disclosed 3397 vulnerabilities by Snyk Security Researchers

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
