We’ve disclosed 3449 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the @zapier/zapier-sdk package.
Affected versions of this package are vulnerable to Embedded Malicious Code. The package was flagged as malicious during the Sha1-hulud supply chain attack. Although the Sha1-hulud IoCs are not present within the package, the contents of the affected version were removed from the official package manager.
peppol-py is a Python implementation for sending peppol eDelivery AS4 documents.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML validation process. An attacker can access sensitive files from the filesystem and exfiltrate their contents to a remote host by submitting crafted XML data.
Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities.
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.