CVE-2026-39827 vulnerabilities

Vulnerabilities for packages: pulumi, osv-scanner, cilium, cloud-provider-aws, telegraf, gitlab-runner, gh, external-secrets-operator, wolfictl, helm, pulumi-kubernetes-operator, scorecard, syft, terragrunt, guac, aactl, grype, gitea, cert-manager, wal-g, knative-serving, istio, docker-cli-buildx...

CVE-2026-46597 vulnerabilities

Vulnerabilities for packages: sealed-secrets, pulumi, cloudflared, crossplane-provider-aws-cloudformation, osv-scanner, cilium, cloud-provider-aws, buildah, telegraf, cluster-api-azure-controller, gitlab-runner, gh, crossplane-provider-aws-kinesis, external-secrets-operator,...

Snyk CLI 安全漏洞

Snyk CLI is a build-time tool from Snyk USA for finding and fixing known vulnerabilities in projects. A security vulnerability exists in Snyk CLI versions prior to 1.1294.0 that stems from vulnerability to code injection attacks when scanning for untrusted Gradle projects...

@candrewsintegralblue/snyk (=0.0.4), @commerce-apps/raml-toolkit (>=0.5.8 <=0.5.10) +2 more potentially affected by CVE-2022-22984 via @snyk/snyk-hex-plugin (>=1.0.0 <=1.1.4)

@snyk/snyk-hex-plugin NPM version =1.0.0, =0.5.8, =3.0.3-beta.1, =1.520.0, =1.684.0 Source cves: CVE-2022-22984 Source advisory: OSV:GHSA-4X6G-3CMX-W76R...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...

Snyk wc-cmd Command Injection Vulnerability

Snyk wc-cmd is an application from Snyk Corporation that provides statistics on the number of bytes, words, and lines in a given file, and displays the results as output. A command injection vulnerability exists in wc-cmd, which originates from a command injection attack on the index.js file...