Vulnerabilities

After three years of silence, a new jQuery prototype pollution vulnerability emerges once again

On March 26th, 2019, almost three years after the last jQuery security vulnerability was disclosed, we recently learned about a ...

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem

On March 26, 2019, a malicious version of the popular bootstrap-sass package, that has been downloaded a total of 28 ...

A serious security flaw in runC can result in root privilege escalation in Docker and Kubernetes

A security flaw discovered by Adam Iwaniuk and Borys Popławski and found in open source software runC was disclosed on ...

NumPy Arbitrary Code Execution Vulnerability

A recently discovered vulnerability in NumPy, the widely used open source package for scientific computing in Python, allows for the ...

Severe Security Vulnerability in Bower’s Zip Archive Extraction

Earlier this month it was found that Bower, a popular web package manager, is vulnerable to archive extractions and currently, ...

Critical Arbitrary Code Execution Vulnerability Found in Kubernetes

On December 3rd 2018, a severe vulnerability was disclosed to the kubernetes community, which marks the first critical CVE found ...

A Post-Mortem of the Malicious event-stream backdoor

Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency ...

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

A widely used npm package, event-stream, has been found to contain a malicious package named flatmap-stream. This was disclosed via ...

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. ...