Hey folks, to give you quick access to our recent security updates, we will be creating a weekly roundup of vulnerability disclosures from our site.
- HIGH: Path Traversal in browserless-chrome (npm) | CVE-2020-7758 | Discovered by Snyk Security Team - 2020-10-29
- MED: Path Traversal in droppy (npm) | CVE-2020-7757 | Discovered by Snyk Security Team - 2020-10-29
- HIGH: Regular Expression Denial of Service (ReDoS) in trim (npm) | CVE-2020-7753 | Discovered by Liyuan Chen - 2020-10-27
- HIGH: Command Injection in systeminformation (npm) | CVE-2020-7752 | Discovered by EffectRenan - 2020-10-26
- MED: Prototype Pollution in pathval (npm) | CVE-2020-7751 | Discovered by posix - 2020-10-25
- HIGH: Cross-site Scripting (XSS) in scratch-svg-renderer (npm) | CVE-2020-7750 | Discovered by apple502j - 2020-10-21
- HIGH: Server-side Request Forgery (SSRF) in osm-static-maps (npm) | CVE-2020-7749 | Discovered by Vasilii Ermilov - 2020-10-19
- MED: Prototype Pollution in @tsed/core (npm) | CVE-2020-7748 | Discovered by Snyk Security Team - 2020-10-19
- MED: Cross-site Scripting (XSS) in lightning-server (npm) | CVE-2020-7747 | Discovered by Snyk Security Team - 2020-10-19
- HIGH: Prototype Pollution in chart.js (npm) | CVE-2020-7746 | Discovered by Alessio Della Libera (d3lla) - 2020-10-19
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability, you are welcome to report it to us here.