Snyk Security Labs Research

Featured
Open Source Security

Call for action: Exploring vulnerabilities in Github Actions

In this blog post, we will provide an overview of GitHub Actions, examine various vulnerable scenarios with real-world examples, offer clear guidance on securely using error-prone features, and introduce an open source tool designed to scan configuration files and flag potential issues.

Read now

Editor's Picks

Vulnerability Insights

Leaky Vessels: Docker and runc container breakout vulnerabilities (January 2024)

Application Security

Gitpod remote code execution 0-day vulnerability via WebSockets

Showing 1 - 12 of 20 posts

feature-snyk-platform-learn-getting-snyk-setup

Container Security

Abusing Ubuntu 24.04 features for root privilege escalation

September 9, 2024

feature-snyk-platform-learn-getting-snyk-setup

AI

Agent hijacking: The true impact of prompt injection attacks

August 28, 2024

feature-snyk-platform-learn-using-snyk-with-CI-CD

Security Labs

Vulnerabilities in NodeJS C/C++ add-on extensions

August 14, 2024

blog-feature-open-source-security

Code Security

Repo Jacking: The Great Source-code Swindle

July 25, 2024

wordpress-sync/blog-feature-toolkit

Application Security

Breaking caches and bypassing Istio RBAC with HTTP response header injection

June 20, 2024

feature-getting-snyk-setup

Open Source Security

Call for action: Exploring vulnerabilities in Github Actions

June 6, 2024

feature-leaky-vessels-deep-dive

Container Security

Leaky Vessels deep dive: Escaping from Docker one syscall at a time

February 6, 2024

feature-leaky-vessels-2024-21626

Container Security

Vulnerability: runc process.cwd and leaked fds container breakout (CVE-2024-21626)

January 31, 2024

feature-leaky-vessels-2024-23651

Container Security

Buildkit mount cache race: Build-time race condition container breakout (CVE-2024-23651)

January 31, 2024

feature-leaky-vessels-2024-23652

Container Security

Buildkit build-time container teardown arbitrary delete (CVE-2024-23652)

January 31, 2024

feature-leaky-vessels-2024-23653

Container Security

Buildkit GRPC SecurityMode privilege check: Build-time container breakout (CVE-2024-23653)

January 31, 2024

feature-insights-context

Application Security

SocketSleuth: Improving security testing for WebSocket applications

September 6, 2023

12

Found a vulnerability? We can help you report it.

Using our form, you can disclose vulnerabilities you’ve found or vulnerabilities that are missing from the Snyk Vulnerability Database. We’ll help you verify the vulnerability,  contact the maintainer, and assign a CVE for the issue.

Before submitting a report, please review our disclosure policy, which can be found here.

Report a new vuln

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resourcesSecurity LabsThe Secure Developer Podcast

Company

AboutCustomersCareersEventsSnyk for governmentSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of UseProcurement

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs CheckmarxSnyk vs Synopsys

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon