Below is the roundup of our recent security updates. Visit our site to find the full list of vulnerability disclosures.
- HIGH: Prototype Pollution in systeminformation (npm) | CVE-2020-7778 | Discovered by EffectRenan - 2020-11-25
- HIGH: Arbitrary Code Execution in jsen (npm) | CVE-2020-7777 | Discovered by Alessio Della Libera (d3lla) - 2020-11-23
- MED: Regular Expression Denial of Service (ReDoS) in djvalidator (npm) | CVE-2020-7779 | Discovered by Yeting Li - 2020-11-19 (CVE UPDATED)
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability, you are welcome to report it to us here.