![Cover image for [Security Disclosures] Weekly Roundup (Nov 20 - 25)](https://community.snyk.io/images/wujKESuYeL1vBfvlaRWd6X0gVLur19oxtkye9rqLD-Q/s:1000:420/mb:500000/aHR0cHM6Ly9jb21t/dW5pdHkuc255ay5p/by9yZW1vdGVpbWFn/ZXMvaS9qYzkycno0/eHBvZ21uY2gzOTIx/dS5wbmc)
Below is the roundup of our recent security updates, visit our site to find the full list of vulnerability disclosures.
- HIGH: Prototype Pollution in systeminformation (npm) | CVE-2020-7778 | Discovered by EffectRenan - 2020-11-25
- HIGH: Arbitrary Code Execution in jsen (npm) | CVE-2020-7777 | Discovered by Alessio Della Libera (d3lla) - 2020-11-23
- MED: Regular Expression Denial of Service (ReDoS) in djvalidator (npm) | CVE-2020-7779 | Discovered by Yeting Li - 2020-11-19 (CVE UPDATED)
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability you are welcome to report them to us here.
Discussion