7 matches found
@snyk/snyk-cocoapods-plugin (=2.6.0), snyk-docker-plugin (>=8.0.0 <=8.4.0) potentially affected by CVE-2026-32094 via shescape (=2.1.0)
shescape NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shescape and may be impacted: @snyk/snyk-cocoapods-plugin =2.6.0; snyk-docker-plugin =8.0.0, =8.4.0. Source CVEs: CVE-2026-32094. Source advisory: SNYK:JS-SHESCAPE-15467452...
Malicious code in cocoapods_fixbugs-plugin (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
@adobe/git-server (>=1.0.1 <=1.0.5), @adobe/helix-cli (>=5.7.7 <=6.1.0) +34 more potentially affected by CVE-2022-22984 via @snyk/snyk-cocoapods-plugin (>=1.0.2 <=2.5.2)
@snyk/snyk-cocoapods-plugin NPM version =1.0.2, =1.0.1, =5.7.7, =2.16.1, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.8, =0.2.0, =1.20.0-alpha.11736.3, =1.24.0-alpha.1 and more. Source CVEs: CVE-2022-22984. Source advisory: OSV:GHSA-4X6G-3CMX-W76R...
GHSA-4X6G-3CMX-W76R Snyk plugins vulnerable to Command Injection
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin...
PT-2022-15754 · Snyk · Snyk-Python-Plugin +7
Name of the Vulnerable Software and Affected Versions: snyk versions prior to 1.1064.0; snyk-mvn-plugin versions prior to 2.31.3; snyk-gradle-plugin versions prior to 3.24.5; @snyk/snyk-cocoapods-plugin versions prior to 2.5.3; snyk-sbt-plugin versions prior to 2.16.2; snyk-python-plugin versions prio...
@adobe/git-server (>=1.0.3 <=1.0.5), @adobe/helix-cli (>=5.9.3 <=6.1.0) +30 more potentially affected by CVE-2022-22984 +1 more via @snyk/snyk-cocoapods-plugin (>=2.0.1 <=2.5.2)
@snyk/snyk-cocoapods-plugin NPM version =2.0.1, =1.0.3, =5.9.3, =2.17.2, =0.0.4, =8.0.36, =5.0.22, =3.10.42, =0.5.8, =3.2.4, =0.0.2, =0.0.8, =0.2.0, =1.20.0-alpha.11736.3, =1.24.0-alpha.1 and more. Source CVEs: CVE-2022-22984, CVE-2022-40764. Source advisory: SNYK:JS-SNYKSNYKCOCOAPODSPLUGIN-3038625...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection due to an incomplete fix for CVE-2022-40764. A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to...