Security Research

About Snyk's in-house security team

Vulnerabilities found by Snyk's security team

The Security Team at Snyk performs its own research into vulnerabilities in open source modules. These vulnerabilities supplement our Vulnerability Database.

Zip Slip

Severity: High

Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team, and affects thousands of projects.

Published 5th June 2018. More details

Arbitrary File Write

Severity: Medium

Snyk identified and responsibly disclosed a directory traversal vulnerability found in FTP clients that connect to malicious servers.

Published 4th April 2018. More details

Insecure Credential Comparison

Severity: Medium

We found a medium severity vulnerability in safe-compare.

Published 17th April 2018. More details

Cross-site Scripting (XSS)

Severity: Medium

We found a medium severity vulnerability in erubis.

Published 22nd January 2018. More details

Regular Expression Denial of Service (ReDoS)

Severity: Low

We found a low severity vulnerability in ms.

Published 15th May 2017. More details

Cross-site Scripting (XSS)

Severity: Medium

We found a medium severity vulnerability in haml.

Published 8th May 2017. More details

Prototype Override Protection Bypass

Severity: High

We found a high severity vulnerability in qs.

Published 1st March 2017. More details

Cross-site Scripting (XSS)

Severity: High

We found a high severity vulnerability in marked.

Published 30th January 2017. More details

XML External Entity (XXE) Injection

Severity: High

We found a high severity vulnerability in nokogiri.

Published 16th January 2017. More details

Arbitrary Code Execution

Severity: High

We found a high severity vulnerability in ejs.

Published 28th November 2016. More details

Cross-site Scripting (XSS)

Severity: Medium

We found a medium severity vulnerability in ejs.

Published 30th November 2016. More details

Denial of Service (DoS)

Severity: Medium

We found a medium severity vulnerability in ejs.

Published 30th November 2016. More details

Regular Expression Denial of Service (ReDoS)

Severity: Medium

We found a medium severity vulnerability in moment.

Published 24th October 2016. More details

Shell Command Injection

Severity: High

We found a high severity vulnerability in git-ls-remote.

Published 25th September 2016. More details

We follow a responsible disclosure process before publicly listing vulnerabilities.

If you've found a new vulnerability, let us know and we'll work with you to add it to our vulnerability database.