Vulnerabilities

A serious security flaw in runC can result in root privilege escalation in Docker and Kubernetes

A security flaw discovered by Adam Iwaniuk and Borys Popławski and found in open source software runC was disclosed on ...

NumPy Arbitrary Code Execution Vulnerability

A recently discovered vulnerability in NumPy, the widely used open source package for scientific computing in Python, allows for the ...

Severe Security Vulnerability in Bower’s Zip Archive Extraction

Earlier this month it was found that Bower, a popular web package manager, is vulnerable to archive extractions and currently, ...

Critical Arbitrary Code Execution Vulnerability Found in Kubernetes

On December 3rd 2018, a severe vulnerability was disclosed to the kubernetes community, which marks the first critical CVE found ...

A Post-Mortem of the Malicious event-stream backdoor

Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency ...

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

A widely used npm package, event-stream, has been found to contain a malicious package named flatmap-stream. This was disclosed via ...

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. ...

Attacking an FTP Client: MGETting more than you bargained for

Snyk identified and responsibly disclosed a directory traversal vulnerability found in FTP clients that connect to malicious servers. This post ...

Snyk is Now Integrated with Chrome's Lighthouse

Today we have another exciting announcement: Snyk is now powering the brand-new vulnerable JavaScript audit in Google Chrome’s Lighthouse, the ...