Blog Archive

Buffer overflow in Chromium affecting multiple packages

November 23, 2020

Regular Expression Denial of Service (REDoS) in UAParser.js

October 26, 2020

SourMint malicious SDK research write up

October 16, 2020

SourMint: iOS remote code execution, Android findings, and community response

October 15, 2020

Arbitrary code execution in Grunt

September 21, 2020

SourMint: Malicious code, ad fraud, and data leak in iOS

August 24, 2020

SourMint malicious SDK research writeup

August 24, 2020

Prototype pollution in express-fileupload

August 24, 2020

Breaking out of message brokers

August 5, 2020

Instant security information with the Snyk security badge

August 4, 2020

Arbitrary File Write via Archive Extraction (Zip Slip) in go-rpmutils

July 20, 2020

Demystifying HTTP request smuggling

June 30, 2020

Regular Expression Denial-of-Service in websocket-extensions

June 22, 2020

Discover package vulnerabilities with the Snyk integration for JSDelivr

June 8, 2020

Why do organizations trust Snyk to win the open source security battle?

May 27, 2020

Mitigating clickJacking — the DevSecOps way!

May 25, 2020

3 big Amazon S3 vulnerabilities you may be missing

May 21, 2020

Snyk vulnerability disclosure program: what’s going on behind the scenes?

April 14, 2020

Responsible disclosure: the impact of vulnerability disclosure on open source security

April 7, 2020

Vulnerable Gradle plugin-publish plugin reveals sensitive information

March 31, 2020

Exploring the minimist prototype pollution security vulnerability

March 26, 2020