Below is the roundup of our recent security updates. Visit our site to find the full list of vulnerability disclosures.
- MED: Arbitrary File Read in jsreport-chrome-pdf (npm) | CVE-2020-7762 | Discovered by Anand Namana - 2020-11-05
- MED: Regular Expression Denial of Service (ReDoS) in @absolunet/kafe (npm) | CVE-2020-7761 | Discovered by Yeting Li - 2020-11-05
- HIGH: Arbitrary File Read in phantom-html-to-pdf (npm) | CVE-2020-7763 | Discovered by Anand Namana - 2020-11-05
- MED: Prototype Pollution in json8 (npm) | Discovered by Alessio Della Libera (d3lla) - 2020-11-03
- MED: SQL Injection in pimcore/pimcore (composer) | CVE-2020-7759 | Discovered by Daniele Scanu - 2020-11-01
- MED: Regular Expression Denial of Service (ReDoS) in codemirror (npm) | CVE-2020-7760 | Discovered by Yeting Li
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability, you are welcome to report it to us here.