Vulnerabilities > Snyk > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-20 | CVE-2023-1767 | Cross-site Scripting vulnerability in Snyk Advisor The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. | 5.4 |
| 2023-02-28 | CVE-2023-1065 | Improper Authentication vulnerability in Snyk Kubernetes Monitor This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. | 5.3 |
| 2022-11-30 | CVE-2022-22984 | OS Command Injection vulnerability in Snyk products The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). | 6.3 |
| 2022-07-25 | CVE-2020-7649 | Path Traversal vulnerability in Snyk Broker This affects the package snyk-broker before 4.73.0. | 4.9 |