Vulnerabilities

Prototype pollution in express-fileupload

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported ...

Prioritizing vulnerabilities in Kubernetes deployments

Snyk has recently introduced a Priority Score to help prioritize vulnerabilities we detect, helping you identify the most important issues ...

Breaking out of message brokers

I recently reported two vulnerabilities in Apache Airflow—an open-source library that allows developers to programmatically author, schedule, and monitor workflows. ...

Prioritization on steroids with Snyk's new Priority Score

Snyk’s new Priority Score helps to drastically simplify one of the biggest challenges in using open source securely—working out which ...

Optimizing prioritization with deep application-level context

Prioritizing vulnerability fixes is becoming increasingly difficult due to both the constant rise in the number of vulnerabilities and the ...

Announcing Snyk’s developer-first prioritization capabilities

We’re excited to unveil Snyk’s developer-first prioritization capabilities, helping development and security teams prioritize fixes for security vulnerabilities in their ...

Helping developers prioritize the security backlog

Today, developers are increasingly stepping up to fix the vulnerabilities in their apps, which is amazing. However, when they do ...

Arbitrary File Write via Archive Extraction (Zip Slip) in go-rpmutils

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported ...

Demystifying HTTP request smuggling

HTTP request smuggling is an interesting vulnerability type that has gained popularity over the last year. This vulnerability could allow ...