
Vulnerabilities from the last week
Cross-site Scripting (XSS)
mailparser is an email parser.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding an extra quote (") to the URL with embedded malicious JavaScript code.
Allocation of Resources Without Limits or Throttling
zae-limiter is a rate limiting library backed by DynamoDB with a token bucket algorithm.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the acquire function. An attacker can cause elevated latency and rejected requests for high-traffic entities, and potentially impact other entities sharing the same DynamoDB partition, by sending sustained high-rate traffic to a single entity.
Directory Traversal
Affected versions of this package are vulnerable to Directory Traversal via the uniqueId parameter. An attacker can write files outside the intended media directory by setting the uniqueId to an absolute path when uploading a device image.
Recent vulnerabilities disclosed by Snyk
- M: Cross-site Scripting (XSS) in mailparser (npm)
- M: Incorrect Control Flow Scoping in @tootallnate/once (npm)
- C: Arbitrary Code Injection in unisharp/laravel-filemanager (composer)
- M: Infinite loop in bn.js (npm)
- H: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in directorytree/imapengine (composer)
Snyk security researchers have disclosed 3469 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




