Snyk blog

Latest updates from Snyk team

All articles

Vulnerabilities

Learn more about vulnerabilities and exploits from our dedicated security team and others.

Application Security, Ecosystems, Open Source, Vulnerabilities

Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities in .NET ecosystem

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

Hayley Denbraver
July 25, 2019
Application Security, Ecosystems, Open Source, Vulnerabilities

Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

Hayley Denbraver
July 25, 2019
Application Security, Ecosystems, Open Source, Vulnerabilities

.NET open source security insights

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

Hayley Denbraver
July 25, 2019
Application Security, Vulnerabilities

Concerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_password

On July 5th, 2019, the CVE-2019-13354 security advisory was published for a malicious version of the strong_password Ruby gem which ...

Liran Tal
July 6, 2019
Application Security, Open Source, Vulnerabilities

Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash

On July 2nd, 2019, Snyk published a high severity prototype pollution security vulnerability (CVE-2019-10744) affecting all versions of lodash, as ...

Liran Tal
July 4, 2019
Application Security, Ecosystems, Vulnerabilities

Yet another malicious package found in npm, targeting cryptocurrency wallets

Cryptocurrency wallet developer Komodo has been in the news recently as the most recent victim of an attempted cryptocurrency attack ...

Simon Maple
Simon Maple
June 17, 2019
Vulnerabilities

A Denial of Service vulnerability discovered in the Axios JavaScript package - affecting all versions of the popular HTTP client

Affected versions of axios are vulnerable to Denial of Service (DoS) because content continues to be processed from requests even ...

Liran Tal
May 6, 2019
Open Source, Vulnerabilities

After three years of silence, a new jQuery prototype pollution vulnerability emerges once again

On March 26th, 2019, almost three years after the last jQuery security vulnerability was disclosed, we recently learned about a ...

Liran Tal
April 15, 2019
Vulnerabilities

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem

On March 26, 2019, a malicious version of the popular bootstrap-sass package, that has been downloaded a total of 28 ...

Liran Tal
April 3, 2019
Next