snyk
Latest CVEs
The 15 most recently published vulnerabilities affecting snyk.
- CVE-2025-6624: Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via enviro... (score 7.2)
- CVE-2024-21571: Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Explo... (score 8.1)
- CVE-2024-48963: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due ... (score 7.5)
- CVE-2024-48964: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project d... (score 7.5)
- CVE-2023-1767: The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. A feature of Snyk Advisor is to display the contents of a scanned package's Readme on it... (score 4.3)
- CVE-2023-1065: This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expo... (score 6.5)
- CVE-2022-24441: Code Injection (score 5.8)
- CVE-2022-22984: Command Injection (score 5.0)
- CVE-2022-40764: Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the... (score 7.8)
- CVE-2020-7649: Directory Traversal (score 4.9)
- CVE-2019-10797: Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled. (score 6.5)
- CVE-2019-10791: promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization. (score 9.8)
- CVE-2019-10793: dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. (score 6.3)
- CVE-2019-10792: bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. (score 6.3)
- CVE-2019-10795: undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. (score 6.3)