Below is the roundup of our recent security updates. Visit our site to find the full list of vulnerability disclosures.
- HIGH: Command Injection in nodemailer (npm) | CVE-2020-7769 | Discovered by Vineet Kumar - 2020-11-12
- MED: Cross-site Scripting (XSS) in lavalite/cms (composer) | 2020-11-12
- HIGH: Regular Expression Denial of Service (ReDoS) in express-validators (npm) | CVE-2020-7767 | Discovered by Yeting Li - 2020-11-11
- HIGH: Prototype Pollution in grpc (npm) | CVE-2020-7768 | Discovered by NerdJS - 2020-11-11
- HIGH: Prototype Pollution in @grpc/grpc-js (npm) | CVE-2020-7768 | Discovered by NerdJS - 2020-11-11
- HIGH: Prototype Pollution in json-ptr (npm) | CVE-2020-7766 | Discovered by Alessio Della Libera (d3lla) - 2020-11-10
- MED: Prototype Pollution in @firebase/util (npm) | CVE-2020-7765 | Discovered by Snyk Security Team - 2020-11-09
- MED: Web Cache Poisoning in find-my-way (npm) | CVE-2020-7764 | Discovered by trygve_lie - 2020-11-08
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability, you are welcome to report it to us here.