Blog Archive

Buffer overflow in Chromium affecting multiple packages

23 novembre 2020

Regular Expression Denial of Service (REDoS) in UAParser.js

26 octobre 2020

SourMint malicious SDK research write up

16 octobre 2020

SourMint: iOS remote code execution, Android findings, and community response

15 octobre 2020

Arbitrary code execution in Grunt

21 septembre 2020

SourMint: Malicious code, ad fraud, and data leak in iOS

24 août 2020

SourMint malicious SDK research writeup

24 août 2020

Prototype pollution in express-fileupload

24 août 2020

Breaking out of message brokers

5 août 2020

Instant security information with the Snyk security badge

4 août 2020

Arbitrary File Write via Archive Extraction (Zip Slip) in go-rpmutils

20 juillet 2020

Demystifying HTTP request smuggling

30 juin 2020

Regular Expression Denial-of-Service in websocket-extensions

22 juin 2020

Discover package vulnerabilities with the Snyk integration for JSDelivr

8 juin 2020

Why do organizations trust Snyk to win the open source security battle?

27 mai 2020

Mitigating clickJacking — the DevSecOps way!

25 mai 2020

3 big Amazon S3 vulnerabilities you may be missing

21 mai 2020

Snyk vulnerability disclosure program: what’s going on behind the scenes?

14 avril 2020

Responsible disclosure: the impact of vulnerability disclosure on open source security

7 avril 2020

Vulnerable Gradle plugin-publish plugin reveals sensitive information

31 mars 2020

Exploring the minimist prototype pollution security vulnerability

26 mars 2020