Vulnerabilities > Snyk

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-48963 OS Command Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project.
network
low complexity
snyk CWE-78
critical
9.8
2024-10-23 CVE-2024-48964 Code Injection vulnerability in Snyk CLI
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project.
network
low complexity
snyk CWE-94
8.8
2023-04-20 CVE-2023-1767 Cross-site Scripting vulnerability in Snyk Advisor
The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023.
network
low complexity
snyk CWE-79
5.4
2023-02-28 CVE-2023-1065 Improper Authentication vulnerability in Snyk Kubernetes Monitor
This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues.
network
low complexity
snyk CWE-287
5.3
2022-11-30 CVE-2022-22984 OS Command Injection vulnerability in Snyk products
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342).
network
low complexity
snyk CWE-78
6.3
2022-11-30 CVE-2022-24441 OS Command Injection vulnerability in Snyk Security
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project.
network
low complexity
snyk CWE-78
8.8
2022-10-03 CVE-2022-40764 OS Command Injection vulnerability in Snyk CLI and Golang CLI
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package.
local
low complexity
snyk CWE-78
7.8
2022-07-25 CVE-2020-7649 Path Traversal vulnerability in Snyk Broker
This affects the package snyk-broker before 4.73.0.
network
low complexity
snyk CWE-22
4.9
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
7.8