We’ve disclosed 3429 vulnerabilities by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
@pdfme/common is a TypeScript-based PDF generator and React-based UI. Open source, developed by the community, and completely free to use under the MIT license!
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the validateAST function in the expression.ts file. An attacker can execute arbitrary JavaScript code, steal sensitive information, or modify application behavior by crafting malicious input that bypasses sandbox restrictions and manipulates prototype accessor methods.
pyload-ng is a free and open-source download manager written in pure Python.
Affected versions of this package are vulnerable to Improper Preservation of Permissions via the host header. An attacker can gain unauthorized access and create arbitrary packages by sending crafted requests from a remote location.
Affected versions of this package are vulnerable to Credential Exposure due to the storage of sensitive credentials in plaintext within the global configuration file on the controller file system. An attacker can obtain confidential information by gaining access to the file system.