Vulnerabilities

Learn more about vulnerabilities and exploits from our dedicated security team and others.

5 ways to prevent code injection in JavaScript and Node.js

Learn some best practices for keeping your Node.js and JavaScript projects safe from code injection attacks.

April 5, 2021

Developer Driven Workflows – Dockerfile & image scanning, prioritization, and remediation

When deploying applications in containers, developers are now having to take on responsibilities related to operating system level security concerns. Often, these are unfamiliar topics that, in many cases, had previously been handled by operations and security teams. While this new domain can seem daunting, there are various tools and practices that you can incorporate […]

March 25, 2021

How I was hacking docker containers by exploiting ImageMagick vulnerabilities

What if I told you that using vulnerable Docker images can put you at significant and imminent risk of a command injection security vulnerability of hacking docker containers that use that vulnerable Docker image? In this article, I’ll take you through a step-by-step process of container hacking, in which we will exploit a Node.js-based web […]

March 11, 2021

Guide to Software Composition Analysis (SCA)

2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID-19 hit, suddenly accelerated. More and more companies became software companies, and with this shift, usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better […]

January 27, 2021

Prioritize fixes more efficiently with Reachable Vulnerabilities for GitHub

We are pleased to start the new year with the beta availability of Reachable Vulnerabilities for GitHub, providing development and security teams with deep application-level context for vulnerabilities identified in GitHub-hosted applications and enabling them to prioritize fixes more efficiently. Announced in July last year, Reachable Vulnerabilities analyzes an application’s execution path to identify whether […]

January 21, 2021

Snyk’s approach to container security research and relative importance

Container vulnerabilities are tricky things to deal with, requiring an understanding of both Linux security and container image architecture. Setting aside vulnerabilities that might occur in your code, most of the vulnerabilities that you deal with in containers relate to Linux operating system packages and their dependencies. And yet, containers are typically handled by developers, […]

December 14, 2020

How to detect the ExternalIP Kubernetes vulnerability in your Kubernetes configurations with Snyk

On Tuesday, a Kubernetes vulnerability was announced affecting all Kubernetes versions where a hostile user may be able to intercept traffic if external IP addresses are being used on services. Snyk has added a new check to Snyk Infrastructure as Code (Snyk IaC) to check your Kubernetes deployment definitions and notify you if you are […]

December 10, 2020

Regular Expression Denial of Service (ReDoS) in UAParser.js

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]

October 26, 2020

Arbitrary code execution in Grunt

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]

September 21, 2020

Prototype pollution in express-fileupload

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]

August 24, 2020

Prioritizing vulnerabilities in Kubernetes deployments

Snyk has recently introduced a Priority Score to help prioritize vulnerabilities we detect, helping you identify the most important issues that need your attention. Prioritization and Snyk Container: The new Priority Score is fully supported in Snyk Container. All of your container images will be scored based on the severity of the vulnerability, data we […]

August 6, 2020