Vulnerabilities

Critical Arbitrary Code Execution Vulnerability Found in Kubernetes

On December 3rd 2018, a severe vulnerability was disclosed to the kubernetes community, which marks the first critical CVE found ...

A Post-Mortem of the Malicious event-stream backdoor

Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency ...

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

A widely used npm package, event-stream, has been found to contain a malicious package named flatmap-stream. This was disclosed via ...

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. ...

Attacking an FTP Client: MGETting more than you bargained for

Snyk identified and responsibly disclosed a directory traversal vulnerability found in FTP clients that connect to malicious servers. This post ...

Snyk is Now Integrated with Chrome's Lighthouse

Today we have another exciting announcement: Snyk is now powering the brand-new vulnerable JavaScript audit in Google Chrome’s Lighthouse, the ...

What’s a known vulnerability?

A vulnerability is a vulnerability, whether known or not. The key difference between the two is the likelihood of an ...

77% of 433,000 Sites Use Vulnerable JavaScript Libraries

Last week, we released our first annual State of Open Source Security report. One of the discoveries the report mentions ...

Exposed or not, vulnerabilities are dangerous

Whether a vulnerability is currently exposed or not matters, but only in prioritization. Where its exploitable today or not, leaving ...