Snyk Vulnerability Database | Snyk

The leading database for open source vulnerabilities and cloud misconfigurations.

Improper Neutralization of Quoting Syntax

Affecting postgresql package, versions [,13.19), [14.0,14.16), [15.0,15.11), [16.0,16.7), [17.0,17.3)

How to fix?

Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.

Vulnerabilities from the last week

Improper Validation of Integrity Check Value

electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS.

Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value via the ASAR integrity validation process. An attacker can bypass integrity checks and modify application content by altering files within the application bundle on a filesystem to which they have write access.

Note: This is only exploitable if embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled and the application is launched from a writable filesystem on Windows.

Directory Traversal

dbgpt (DB-GPT) is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure.

Affected versions of this package are vulnerable to Directory Traversal via the import_flow function. An attacker can access or modify files outside the intended directory by manipulating the File argument in crafted requests.

Improper Authorization

org.graylog2:graylog2-server is a log management platform.

Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creating API tokens for higher-privileged users if they know the user ID.

Note: This is only exploitable if the attacker has a valid user account in the system.

Recent vulnerabilities disclosed by Snyk

We’ve disclosed 3417 vulnerabilities by Snyk Security Researchers

About Snyk

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.