We’ve disclosed3396vulnerabilities
by Snyk Security
Researchers
Snyk Vulnerability Database
The leading database for open source vulnerabilities and cloud misconfigurations.
Improper Neutralization of Quoting Syntax
Affecting postgresql package, versions [,13.19) , [14.0,14.16) , [15.0,15.11) , [16.0,16.7) , [17.0,17.3)
How to fix?
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
Vulnerabilities from the last week
Prototype Pollution
Affects
canvg is a JavaScript SVG parser and renderer on Canvas.
Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor.
Note: This vulnerability is being investigated and its details may be updated to reflect new developments.
Unsafe Dependency Resolution
Affects
dment This issue was found to be a duplicate. The original vulnerability with details can be found [here](https://security.snyk.io/vuln/through the deletion of a critical dependency which could be maliciously claimed by a third party. An attacker can execute arbitrary code on the system by installing compromised development dependencies.).
Prototype Pollution
Affects
org.webjars.bower:canvg is a JavaScript SVG parser and renderer on Canvas.
Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor.
Note: This vulnerability is being investigated and its details may be updated to reflect new developments.
Recent vulnerabilities disclosed by Snyk
- H
Cross-site Scripting (XSS) in phpoffice/phpexcel (composer)- C
Embedded Malicious Code in cdn-icon-fetcher-help (npm)- C
Embedded Malicious Code in cdn-icon-fetch (npm)- M
Insertion of Sensitive Information into Log File in ray (pip)- M
Cross-site Scripting (XSS) in tarteaucitronjs (npm)
About Snyk
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.
