We’ve disclosed 3283 vulnerabilities
by Snyk Security Researchers
How to fix?
Avoid using all malicious instances of the tukaani-project/xz package.
directus is a real-time API and App dashboard for managing SQL database content.
Affected versions of this package are vulnerable to Improper Access Control due to the improper handling of _in and _nin operators. An attacker can bypass access controls by crafting requests that exploit the evaluation of empty arrays as valid, leading to unauthorized actions or access.
khoj-assistant is an AI copilot for your Second Brain.
Affected versions of this package are vulnerable to Open Redirect through the next parameter on the login page. An attacker can redirect a victim to a malicious site by manipulating the URL parameter to point to an undesirable destination.
org.apache.nifi:nifi-web-ui is a system to process and distribute data.
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the description field in the Parameter Context configuration.
Note: This is only exploitable if the user is authenticated and authorized to configure a Parameter Context.
Denial of Service (DoS) in speaker (npm)
Improper Check or Handling of Exceptional Conditions in node-twain (npm)
Out-of-bounds Read in node-stringbuilder (npm)
Denial of Service (DoS) in images (npm)
Improper Validation of Array Index in audify (npm)
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.