Vulnerabilities

Demystifying HTTP request smuggling

HTTP request smuggling is an interesting vulnerability type that has gained popularity over the last year. This vulnerability could allow ...

Regular Expression Denial-of-Service in websocket-extensions

Welcome to the newest Snyk blog series! In this monthly series, Snyk looks back on the vulnerabilities discovered by or ...

Why do organizations trust Snyk to win the open source security battle?

Defining and explaining the role of a proprietary security team dedicated to researching and analyzing vulnerabilities in open source ecosystems—in ...

Mitigating clickJacking—the DevSecOps way!

In the past few weeks, we got a few reports (through our bug bounty program) that some of our inner ...

Snyk vulnerability disclosure program: what’s going on behind the scenes?

At Snyk we firmly believe in keeping the open source community secure. This is why we launched our responsible vulnerability ...

Responsible disclosure: the impact of vulnerability disclosure on open source security

It’s a common mistake to think that once a vulnerability is found, the responsible thing would be to make it ...

Vulnerable Gradle plugin-publish plugin reveals sensitive information

Just a few days ago, on March 27, a security vulnerability was disclosed and published — CVE-2020-7599 — on Gradle’s ...

Exploring the minimist prototype pollution security vulnerability

On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This ...

Django security tips

Lucky you, you user of the web framework for perfectionists with deadlines (AKA Django). The Django team has put a ...