Vulnerabilities > Snyk

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2024-10-23 | CVE-2024-48963 | OS Command Injection vulnerability in Snyk CLI | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. | network, low complexity, snyk CWE-78, critical, 9.8 |
| 2024-10-23 | CVE-2024-48964 | Code Injection vulnerability in Snyk CLI | The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. | network, low complexity, snyk CWE-94, 8.8 |
| 2023-04-20 | CVE-2023-1767 | Cross-site Scripting vulnerability in Snyk Advisor | The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. | network, low complexity, snyk CWE-79, 5.4 |
| 2023-02-28 | CVE-2023-1065 | Improper Authentication vulnerability in Snyk Kubernetes Monitor | This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. | network, low complexity, snyk CWE-287, 5.3 |
| 2022-11-30 | CVE-2022-22984 | OS Command Injection vulnerability in Snyk products | The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | network, low complexity, snyk CWE-78, 6.3 |
| 2022-11-30 | CVE-2022-24441 | OS Command Injection vulnerability in Snyk Security | The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. | network, low complexity, snyk CWE-78, 8.8 |
| 2022-10-03 | CVE-2022-40764 | OS Command Injection vulnerability in Snyk CLI and Golang CLI | Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. | local, low complexity, snyk CWE-78, 7.8 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with the --client-credentials flag. | 2.1 |