Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
How to fix?
Upgradepostgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Malicious Package
invoiceread-paypal is a malicious package.This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship.
SQL Injection
apache-airflow-providers-mysql is a provider for Apache Airflow
Affected versions of this package are vulnerable to SQL Injection through thedump_sql() orload_sql() functions. A user can inject DML into a table parameter from the UI on a DAG that uses one of these functions.
Regular Expression Denial of Service (ReDoS)
org.webjars:jspdf is a WebJar for jspdf.
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in theaddImage(),html(), andaddSvgAsImage() methods. An attacker can occupy excessive CPU by supplying a malicious data-url.
Recent vulnerabilities disclosed by Snyk
- Cross-site Scripting (XSS) in phpoffice/phpexcel (composer)Discovered by Nikkolai Fernandez7 Mar 2025
- Embedded Malicious Code in cdn-icon-fetcher-help (npm)5 Mar 2025
- Embedded Malicious Code in cdn-icon-fetch (npm)5 Mar 2025
- Insertion of Sensitive Information into Log File in ray (pip)Discovered by Letao Jiang5 Mar 2025
- Cross-site Scripting (XSS) in tarteaucitronjs (npm)Discovered by François (mably)17 Feb 2025
We’ve disclosed3396vulnerabilities
by Snyk Security
Researchers
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
