Vulnerabilities > Snyk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-23 | CVE-2024-48963 | OS Command Injection vulnerability in Snyk CLI. The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. | 9.8 |
2024-10-23 | CVE-2024-48964 | Code Injection vulnerability in Snyk CLI. The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. | 8.8 |
2023-04-20 | CVE-2023-1767 | Cross-site Scripting vulnerability in Snyk Advisor. The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. | 5.4 |
2023-02-28 | CVE-2023-1065 | Improper Authentication vulnerability in Snyk Kubernetes Monitor. This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. | 5.3 |
2022-11-30 | CVE-2022-22984 | OS Command Injection vulnerability in Snyk products. The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | 6.3 |
2022-11-30 | CVE-2022-24441 | OS Command Injection vulnerability in Snyk Security. The package snyk before 1.1064.0 is vulnerable to Code Injection when analyzing a project. | 8.8 |
2022-10-03 | CVE-2022-40764 | OS Command Injection vulnerability in Snyk CLI and Golang CLI. Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. | 7.8 |
2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products. CF CLI versions prior to v6.45.0 (bosh release version 1.16.0) write the client id and secret to the config file when the user authenticates with the --client-credentials flag. | 2.1 |