| Score | Title | Date |
|---|---|---|
| 562 | The most popular docker images each contain at least 30 vulnerabilities | 2019-02-26 |
| 312 | NPM package compromised by author: erases files on RU / BY computers on install | 2022-03-16 |
| 282 | The MongoDB hack and the importance of secure defaults | 2017-01-11 |
| 259 | NPM lockfiles can be a security blindspot for injecting malicious modules in PRs | 2019-12-26 |
| 215 | Open source maintainer pulls the plug on NPM packages colors and faker | 2022-01-09 |
| 192 | Kotlin becomes second most popular language on the JVM | 2020-02-06 |
| 189 | Abusing Ubuntu 24.04 features for root privilege escalation | 2024-11-13 |
| 170 | The Frequency of Known Vulnerabilities in JavaScript | 2017-03-09 |
| 147 | Malicious remote code execution backdoor discovered in bootstrap-sass Ruby gem | 2019-04-04 |
| 139 | HTTPS Adoption doubled this year | 2016-07-22 |
| 114 | Serverless security implications from infra to OWASP | 2017-04-19 |
| 108 | Looking at how many sites use vulnerable JavaScript libraries | 2017-11-22 |
| 103 | Building a backdoor with Node.js | 2020-03-19 |
| 102 | SourMint Malicious SDK | 2020-08-25 |
| 98 | How to crash an email server with a single email (2018) | 2020-05-07 |
| 94 | Zip Slip Vulnerability | 2018-06-05 |
| 88 | XSS Attacks: The Next Wave | 2017-06-08 |
| 86 | Show HN: Vuln Cost – immersive VS Code extension to surface vulnerabilities | 2020-04-05 |
| 53 | Snyk introduces security monitoring for serverless applications | 2017-04-26 |
| 41 | "Leaky Vessels" Docker Container Breakout Vulnerability | 2024-01-31 |
| 38 | Snyk.io – Find and fix known vulnerabilities in Node.js dependencies | 2015-12-27 |
| 34 | Understand filesystem takeover vulnerabilities in NPM JavaScript package manager | 2020-01-07 |
| 20 | The 2017 State of Open Source Security from Snyk | 2017-11-16 |
| 19 | Log4Shell Remediation Cheat Sheet | 2021-12-16 |
| 18 | Snyk lays off 30 people | 2022-07-04 |
| 17 | Two most popular Docker base images each have over 500 vulnerabilities | 2019-04-18 |
| 17 | Top 50 breaches data challenges the OWASP Top 10 | 2017-05-10 |
| 17 | Yarn is Micro Secure | 2016-10-25 |
| 13 | 77% of sites use at least one vulnerable JavaScript library | 2017-03-29 |
| 12 | Equifax compromised via OSS library – who owns this, and how to defend yourself | 2017-09-11 |
| 11 | 88% increase in application library vulnerabilities over two years | 2019-02-26 |
| 11 | Top ten Docker images contain over 8000 vulnerable paths | 2019-03-11 |
| 11 | HTTPS Adoption has *more than doubled* this year | 2016-07-20 |
| 10 | SourMint: Malicious code, ad fraud, and data leak in iOS | 2020-08-24 |
| 10 | Snyk discovers prototype pollution security vulnerabilities affecting lodash | 2019-07-04 |
| 9 | JavaScript type confusion: Bypassed input validation | 2021-11-03 |
| 8 | Regular Expression Denial of Service and Catastrophic Backtracking | 2017-01-18 |
| 8 | Type Manipulation: Escaping Template Sandboxes | 2017-03-21 |
| 8 | The 5 dimensions of an npm dependency | 2016-06-16 |
| 7 | Snyk Closes $150M to Accelerate Developer-First Security | 2020-01-21 |
| 7 | State of Open Source Security Survey – Need Your Input | 2017-09-24 |
| 7 | Mitigating ImageMagick vulnerabilities in Node.js | 2016-05-06 |
| 6 | Secure JavaScript URL Validation | 2022-10-22 |
| 6 | 77% of Sites Use at Least One Vulnerable JavaScript Library | 2017-03-30 |
| 6 | How not to publish malicious npm packages | 2016-03-29 |
| 5 | Node.js release fixes a critical HTTP security vulnerability | 2020-02-06 |
| 5 | JVM Ecosystem Report 2018 – biggest ever JVM survey | 2018-10-17 |
| 5 | Best practices for managing Java dependencies | 2022-08-30 |
| 5 | npm passes the 1 Millionth package milestone! | 2019-06-04 |
| 5 | Bitbucket Security Best Practices | 2019-04-12 |
| 5 | Python Security Best Practices Cheat Sheet | 2019-03-02 |
| 5 | Snyk's Style Guide: How we built it, and how we use it every day | 2016-07-13 |
| 4 | Cheatsheet: Top Application Security Acronyms | 2020-12-01 |
| 4 | Escaping from Docker one syscall at a time | 2024-02-08 |
| 4 | Containerizing .NET Apps? | 2022-10-03 |
| 4 | Kubernetes container isolation impacts privilege escalation attacks | 2020-12-03 |
| 4 | Using Node.js Event Loop for Timing Attacks (2016) | 2020-01-14 |
| 4 | 2019 side-by-side comparison of Angular and React security vulnerabilities | 2019-10-30 |
| 4 | Code execution back door found in Ruby's rest-client library | 2019-08-21 |
| 4 | 75% of the top twenty known .NET vulnerabilities have a high severity rating | 2019-07-25 |
| 4 | Ruby gem strong_password found to contain remote code execution code | 2019-07-07 |
| 4 | Malicious code found in NPM event-stream downloaded 8M times in 2 months | 2018-11-26 |
| 4 | Differences in version handling between RubyGems and npm | 2016-12-15 |
| 4 | Exploiting buffer | 2016-04-06 |
| 4 | Using Node.js Event Loop for Timing Attacks | 2016-02-22 |
| 3 | NPM Security Best Practices | 2019-03-14 |
| 3 | Snyk Open Source Advisor – Snyk | 2021-08-01 |
| 3 | Runc process.cwd and leaked fds container breakout (CVE-2024-21626) | 2024-02-01 |
| 3 | How to Keep HTTP Connections Alive for 9 Hours | 2023-10-24 |
| 3 | Using Kubernetes Config Maps | 2022-10-03 |
| 3 | Argument Injection in Git and Mercurial | 2022-09-30 |
| 3 | Snyk finds 200 malicious packages and Cobalt Strike dependency confusion trojan | 2022-05-25 |
| 3 | Node.js Event-Loop: How even quick Node.js async functions can block Event-Loop | 2021-11-30 |
| 3 | Java logging: what should you log and what not? | 2020-11-17 |
| 3 | Demystifying HTTP Request Smuggling | 2020-07-29 |
| 3 | Yarn 2 – the future of package managers for JavaScript? | 2020-04-06 |
| 3 | Using UBI images to minimize container vulnerabilities | 2020-04-03 |
| 3 | Cloud transforms IT security into AppSec | 2020-03-15 |
| 3 | Apache License 2.0, MIT or BSD – License Comparison – Snyk | 2020-03-09 |
| 3 | Security breach leaks the personal data of all 6.5M Israeli voters | 2020-02-12 |
| 3 | 36% of developers switched from Oracle JDK to an alternate OpenJDK distribution | 2020-02-07 |
| 3 | Malicious packages found to be typo-squatting in Python Package Index | 2019-12-05 |
| 3 | Angular vs. React: the security risk of indirect dependencies | 2019-11-11 |
| 3 | A year-old malicious remote code execution vulnerability discovered in Webmin | 2019-08-20 |
| 3 | 10 Eclipse plugins you shouldn't code without | 2019-08-20 |
| 3 | After 3 years of silence, a new jQuery prototype pollution vulnerability emerges | 2019-04-17 |
| 3 | 250k new modules on NPM in 2018, growing 37% and 317B downloads a year | 2019-03-04 |
| 3 | GitHub Security Cheatsheet | 2018-05-31 |
| 3 | Local Type Inference Cheat Sheet for Java 10 and Beyond | 2018-04-28 |
| 2 | Lottie Player NPM package compromised | 2024-10-31 |
| 2 | Modern Node.js Runtime Features | 2024-06-30 |
| 2 | .NET developers alert: Moq NuGET package exfiltrates user emails from Git | 2023-08-13 |
| 2 | How secure is WebAssembly? 5 security concerns unique to WebAssembly | 2023-08-09 |
| 2 | Data Loss Prevention for Developers | 2023-05-25 |
| 2 | Security implications of HTTP response headers | 2023-05-18 |
| 2 | Comparing Node.js web frameworks: Which is most secure? | 2023-03-21 |
| 2 | Mitigating path traversal vulns in Java with Snyk Code | 2023-03-15 |
| 2 | Node.js multithreading with worker threads: pros and cons | 2023-03-09 |
| 2 | How to write your first unit test in JavaScript | 2022-11-01 |
| 2 | New OpenSSL 3 critical vulnerability | 2022-11-01 |
| 2 | Quick Linting Checks in Python | 2022-10-18 |
| 2 | Choosing the best Node.js Docker image | 2022-10-10 |
| 2 | Phony PyPI package imitates known developer | 2022-10-05 |
| 2 | Testing Effectively in Terraform | 2022-09-29 |
| 2 | Best practices for creating a modern NPM package | 2022-09-13 |
| 2 | Continuous dependency updates: Improving processes by front-loading pain (2021) | 2022-08-01 |
| 2 | State of Open Source Security 2022 | 2022-06-22 |
| 2 | Celebrating open source innovation from Ukraine | 2022-03-23 |
| 2 | Security in context: When is a CVE not a CVE? | 2021-12-17 |
| 2 | Detect and prevent dependency confusion attacks on NPM | 2021-09-29 |
| 2 | JVM Ecosystem Report 2021 | 2021-06-24 |
| 2 | VSCode Extensions Vulnerabilities | 2021-06-07 |
| 2 | Snyk takes on responsibility for Node.js vulnerability disclosure program | 2021-05-27 |
| 2 | Kubernetes Security Context settings you should understand | 2021-03-29 |
| 2 | Command injection: how it works, what are the risks, and how to prevent it | 2020-12-15 |
| 2 | React Security Best Practices | 2020-11-16 |
| 2 | Privileged Docker containers–do you need them? | 2020-11-05 |
| 2 | Angular Security Best Practices | 2020-08-21 |
| 2 | Test website security with Snyk's newest WebPageTest integration | 2020-05-14 |
| 2 | Why did is-promise happen and what can we learn from it | 2020-04-28 |
| 2 | AngularJS Security Fundamentals | 2020-03-19 |
| 2 | Comparing React and Angular secure coding practices 2019 | 2019-11-13 |
| 2 | Snyk Container: find and fix vulnerabilities in containers and k8s applications | 2019-11-13 |
| 2 | JavaScript frameworks security report 2019 | 2019-11-12 |
| 2 | 10 Java Security Best Practices | 2019-09-17 |
| 2 | Kubernetes open sourced their security audit. What can we learn? | 2019-08-08 |
| 2 | CRLF injection found in popular Python dependency | 2019-05-15 |
| 2 | A Denial of Service Vulnerability in Axios JavaScript HTTP Client | 2019-05-07 |
| 2 | 80% of developers are not addressing Docker security | 2019-04-29 |
| 2 | So, you think your CI/CD environment is secure? | 2019-02-25 |
| 2 | NPM Security Best Practices | 2019-02-19 |
| 2 | Severe Security Vulnerability in Bower's Zip Archive Extraction | 2019-01-31 |
| 2 | Another popular NPM library is identified using malicious package | 2018-11-27 |
| 2 | Snyk Launches Support for Gradle, Scala and Python | 2017-08-03 |
| 2 | Fix and prevent known vulnerabilities in Node.js and Ruby apps | 2017-03-30 |
| 2 | Using ES2015 Proxy for fun and profit | 2016-08-25 |
| 2 | Socket.io client disables the core SSL/TLS verification checks by default | 2016-06-02 |
| 2 | Fixing the XSS vulnerability in the marked Markdown parser | 2016-05-20 |
| 1 | Snyk Acquires Developer-First DAST Provider Probely | 2024-11-13 |
| 1 | How to make a mock API server in JavaScript | 2022-10-20 |
| 1 | Cache poisoning in popular open source packages CVE-2021-23336 | 2021-02-16 |
| 1 | Sequelize ORM NPM library found vulnerable to SQL Injection attacks | 2019-09-11 |
| 1 | Understanding command injection vulnerabilities in Go | 2024-11-15 |
| 1 | Can machines dream of secure code? From AI hallucinations to vulnerabilities | 2023-08-20 |
| 1 | Cross-site leaks (XS leaks): What they are and how to avoid them | 2023-08-16 |
| 1 | Session management security: Best practices for protecting user sessions | 2023-08-14 |
| 1 | How to Dockerize a PHP application securely | 2023-08-09 |
| 1 | Sandbox Bypass Affecting org.thymeleaf:thymeleaf | 2023-08-03 |
| 1 | Snyk top code vulnerabilities report | 2023-05-19 |
| 1 | Gitpod remote code execution 0-day vulnerability via WebSockets | 2023-03-02 |
| 1 | The Big Fix: 2023 (Secure All Software) | 2023-02-14 |
| 1 | NPM security: preventing supply chain attacks | 2022-11-24 |
| 1 | Container Images Simplified with Ko | 2022-10-18 |
| 1 | SMTP Injection | 2022-10-11 |
| 1 | Supply chains security as per Executive Order M-21-30 | 2022-10-10 |
| 1 | Breaking Down Security Roles | 2022-10-10 |
| 1 | CSRF vulnerability in NPM package csurf | 2022-09-21 |
| 1 | Building a Secure Node.js API with gRPC | 2022-08-31 |
| 1 | A definitive guide to Ruby gems dependency management | 2022-08-09 |
| 1 | Tips for C++ Security | 2022-08-01 |
| 1 | Snyk Launches the Big Fix: Fix Vulnerabilities, Get a Shirt | 2022-01-25 |
| 1 | Maintainer pulls the plug on NPM packages colors and faker, now what? | 2022-01-14 |
| 1 | URL confusion vulnerabilities in the wild: Exploring parser inconsistencies | 2022-01-11 |
| 1 | VS Code Extension Vulnerabilities | 2021-05-27 |
| 1 | Snyk Code is now available for free | 2021-05-20 |
| 1 | How to prevent code injection in JavaScript and Node.js | 2021-04-07 |
| 1 | Typosquatting attacks are responsible for malicious modules in NPM | 2021-01-12 |
| 1 | Helping Python developers shift security left with a new PyCharm plugin | 2020-09-12 |
| 1 | Reachable vulnerabilities: how to effectively prioritize open source security | 2020-08-19 |
| 1 | The State of Open Source Security 2020 | 2020-06-25 |
| 1 | Checking Helm Charts for security misconfigurations | 2020-06-14 |
| 1 | Vulnerability DB: Information and remediation for known vulnerabilities | 2020-05-25 |
| 1 | Java turns 25–aging like fine wine or more like milk? | 2020-05-22 |
| 1 | Snyk's developer-first license compliance management | 2020-04-26 |
| 1 | Prototype pollution vulnerability in minimist NPM package | 2020-03-26 |
| 1 | Fastify Node.js framework improves JSON security thanks to security report | 2020-03-16 |
| 1 | Ghostcat breach affects all Tomcat versions | 2020-02-26 |
| 1 | A Snyk peek into Node.js and NPM's state of open source security report 2019 | 2019-10-09 |
| 1 | Everything you wanted to know about security vulnerabilities in Linux-based | 2019-09-18 |
| 1 | Jackson Deserialization Vulnerability | 2019-08-26 |
| 1 | What about the security of my AWS Lambda functions and their dependencies | 2019-07-10 |
| 1 | Scoring Security Vulnerabilities 101: Introducing CVSS for CVEs | 2019-05-16 |
| 1 | 190k users affected by Docker Hub's security breach. Now what? | 2019-04-30 |
| 1 | How much do we know about how packages behave on the NPM registry? | 2019-04-23 |
| 1 | Take actions to improve security in your Docker images | 2019-04-19 |
| 1 | Docker Image Security Best Practices | 2019-04-08 |
| 1 | Malicious remote code execution backdoor discovered in bootstrap-sass Ruby gem | 2019-04-04 |
| 1 | Experimental Integrity Policies to Node.js | 2019-04-01 |
| 1 | ReDoS vulnerabilities in NPM spikes by 143% and XSS continues to grow | 2019-02-27 |
| 1 | Directory Traversal Affecting org.apache.tomcat:tomcat-catalina | 2018-06-23 |
| 1 | Deserialization of Untrusted Data Affecting com.google.guava:guava, [,24.1.1) | 2018-06-23 |
| 1 | Arbitrary Code Execution Affecting com.h2database:h2, versions [,1.4.197) | 2018-06-23 |
| 1 | Attacking an FTP Client: MGETting more than you bargained for | 2018-04-04 |
| 1 | We'll know DevSecOps has won once it's dead | 2018-01-31 |
| 1 | Npm deprecated all malicious typosquatting libraries from this list | 2017-08-02 |
| 1 | Understanding Responsible Disclosures | 2017-01-31 |
| 1 | Fixing Serverless Security Vulnerabilities | 2016-10-24 |
| 1 | The security concerns of a JavaScript sandbox with the Node.js VM module | 2024-12-22 |
| 3 | Snyk Security Labs Testing Update: Cursor.com AI Code Editor | 2025-01-14 |