Snyk Intel Vulnerability Database

Empowering agile development teams with trusted data and insights to rapidly secure open source code

Snyk Intel Vulnerability Database is the most advanced and accurate open source vulnerability database in the industry. Continuously curated by an experienced Security Research Team, our Open Source Vulnerability Database maintains its high standards which enable your teams to be optimally efficient at containing open source security issues while maintaining their focus on development.

Comprehensive security coverage

Best Coverage

The Snyk Intel vulnerability database goes far beyond CVE vulnerabilities and other public databases, including many additional non-CVE vulnerabilities derived from numerous sources.

More vulnerabilities covered than the next largest publicly available commercial vulnerability database

Know Sooner

Snyk exposes many vulnerabilities before they are added to public databases.

of the JavaScript vulnerabilities in NVD were added first to the Snyk open source vulnerability database

Detect Faster

Because Snyk exposes many vulnerabilities before other sources, you can detect and correct issues faster.

faster identification of vulnerabilities in Snyk vulnerability database than the next largest commercial database

Vulnerability database methodologies

  • 01
    Enriched data from numerous vulnerability databases:

    such as CVE, NVD and more. Data derived from these resources is analyzed, tested and enriched, before being included in the database.

  • 02
    Dedicated proprietary research for new vulnerabilities:

    Snyk’s dedicated security team is focused on uncovering severe vulnerabilities in key components. A recent disclosure by our team is Zip-Slip; see more examples in the footnote below.

  • 03
    Threat Intelligence systems:

    Listening to chatter on security bulletins, Jira boards, GitHub commits, etc., to automatically identify vulnerabilities that have yet to be reported. Previously surfaced vulnerabilities from this source include Apache Airflow and Marked.

  • 04
    Community relationship:

    Snyk collaborates with the community and operates bug bounties for new disclosures. This activity results in hundreds of community disclosures, such as f2e-server.

  • 05
    Collaboration with academia:

    The team partners with PhD academic labs such as Berkeley, Virginia Tech and Waterloo to exchange tools, methods and data. Findings are then exclusively disclosed by Snyk.

Team of security experts

Snyk’s security database is managed by a team of experts, researchers and analysts, ensuring the database maintains a high level of accuracy with a low false-positive rate. Snyk's database authority was validated by the leading security institutes. Snyk was granted CVE numbering authority status, is a member of the Node foundation security membership group, and is a contributor member of OWASP. The team is headed by Snyk’s co-founder, Danny Grander, a veteran security researcher. Previously, Danny built cyber solutions for government agencies, led vulnerability research and managed research and development teams. Danny is a competitor and frequent winner of CTFs at DefCon, CCC CTF and Google CTF.

Curated, enriched and actionable content

Hand curated content and enriched metadata:
  • Vulnerability description: hand-curated content and summaries, including code snippets where applicable.
  • All items in the database are analyzed and tested for their accuracy (version ranges, vulnerable method, etc).
  • CVSS score and vector assigned to 100% of vulnerabilities.
Triage support:
  • Vulnerable functions called in runtime: For issue prioritization, Snyk is able to alert when a vulnerable function is actually being called during the runtime of the application.
  • Exploitability: Snyk indicates when a vulnerability has a published proof of concept of how it can be exploited. Published exploit code serves as a good indicator of exploitability because it enables attackers to easily weaponize a vulnerability.

Powering security across the ecosystem

Powering Google Chrome

Powering vulnerability scanning in NodeSource N|Solid and Certified Modules

Security partner of Linux Foundation

Leif Dreizler Segment, Security Engineering

“Compared to other solutions we evaluated, Snyk had more comprehensive security coverage, better language support, and was easier to integrate with our development pipeline”
