Vulnerabilities > Snyk
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-1767 | Cross-site Scripting vulnerability in Snyk Advisor The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. | 5.4 |
| 2023-02-28 | CVE-2023-1065 | Improper Authentication vulnerability in Snyk Kubernetes Monitor This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. | 5.3 |
| 2022-11-30 | CVE-2022-22984 | OS Command Injection vulnerability in Snyk products The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | 6.3 |
| 2022-11-30 | CVE-2022-24441 | OS Command Injection vulnerability in Snyk Security The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. | 8.8 |
| 2022-10-03 | CVE-2022-40764 | OS Command Injection vulnerability in Snyk CLI and Golang CLI Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. | 7.8 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 2.1 |