
Vulnerabilities from the last week
Exposed Dangerous Method or Function
Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in the Code node when running in legacy JavaScript execution mode. An attacker can access or modify files on the host system with the same privileges as the application process by invoking internal helper functions from within the node. This is only exploitable if the instance is self-hosted, the legacy execution mode is enabled, and the attacker has authenticated workflow editing access.
Deserialization of Untrusted Data
Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the torch.load function. An attacker can execute arbitrary code by providing a specially crafted model file that is loaded without proper security parameters.
Deserialization of Untrusted Data
Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the GetAsanaObject processor, which uses generic Java object serialization and deserialization without filtering. An attacker can execute arbitrary code by supplying crafted serialized objects to the configured cache server.
Note: This is only exploitable if the system is running with the GetAsanaObject processor and the attacker has direct access to the configured cache server.
Recent vulnerabilities disclosed by Snyk
- H: Prototype Pollution in pace-js (npm)
- M: Remote Code Execution (RCE) in n8n-workflow (npm)
- M: Remote Code Execution (RCE) in n8n-nodes-base (npm)
- M: Remote Code Execution (RCE) in @n8n/config (npm)
- M: Cross-site Request Forgery (CSRF) in fastapi-sso (pip)
Snyk security researchers have disclosed 3455 vulnerabilities
About Snyk dependencies vulnerability database
Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.




