Explore how XSS vulnerabilities arise across Markdown and math renderers. Learn how URL parsing inconsistencies in Goldmark, KaTeX, and MathJax can bypass validation and introduce security risks. 

Same href, different syntax: XSS across content parsers

1 Click, Zero Permission: How a Small OAuth Mistake Leads to Total Account Takeover part 2

1 Click, Zero Permission: How a Small OAuth Mistake Leads to Total Account Takeover part 1

More than flowcharts: exploiting diagram renderers

Escaping the Agent: On Ways to Bypass OpenClaw’s Security Sandbox

Introducing Agent Scan - Skill Inspector: Detect Malicious Skills Instantly

MAESTRO: Layered Threat Modeling for Agentic AI Ecosystems

Why Threat Modeling is the Best Defense for AI Agents

Step into the Lab

Unmasking the Toxic Flow Analysis: A Principled Approach to Hardening AI Agent Security

Vibe Coding with Claude Agentic AI Tool

Multi-Agentic System Threat Modelling Guide

AWS Whitepaper: Navigating the Security Landscape of Generative AI

Announcing the CoSAI Principles for Secure-by-Design Agentic Systems

Partner Research

Where security meets curiosity

Explore Snyk Labs for cutting-edge AI security research, LLM insights, and innovative AI in security experiments to secure your AI-native applications. 

AI Security Research & Experiments for AI-Native Apps | Snyk Labs

A Vulnerable Agent Application - SmartPal

Bear is a tool that generates a compilation database for clang tooling.

This repo is to demonstrate the file traversal hack which uses a vulnerability in the Instant Markdown VSCode extension 

A set of custom GitHub actions providing additional functionality when integrating Snyk into your Actions CI/CD pipeline.

An AI-BOM goof project for Snyk AI-BOM cli

A tool to scan Snyk AI-BOMs for specific components in Snyk organizations

Open source chat kit engineered for seamless interaction with AI models.

A simple web application that makes it easy for employees at your company to see and promote content you're creating! 

Open proposal of Application Security "Rules" for AI Coding Agents

Sample AI generated app for Snyk demonstration purposes.

Apply Custom Role to a list of users in each Org of a Group

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

Count the number of contributing developers to an Azure Repos organization in the last 90 days

test and monitor bazel targets for vulnerabilities in external open source dependencies, uses bazel query output

Migrate Snyk v1 Code Ignores to Snyk Code Consistent Ignores

npx command for updating users Snyk CLI for @snyk/protect

Docker goof version of breaking into a container

This project aims to aggregate information about various events happening in the tech space by pulling down relevant information from a variety of external sources.

A demo repo showcasing Snyk's Docker offering

A ESLint configuration package for React developers who want to avoid security mistakes.

ESLint plugin with rules for finding security issues in React projects.

A step by step workshop to exploit various vulnerabilities in Node.js and Java applications

This is a demo of how to get started with Snyk's Snowflake integration. More info on this integration can be found in Snyk docs.

Scans your Github Actions for security issues

Check images in your charts for vulnerabilities

Some basic Infrastructure-as-Code examples to accompany blogs

Snyk IaC to Cloud Custom Rules is in beta. This repository contains example custom rules to help you get started.

This repository goes with the Snyk Blog post on Writing Unit Tests in Java

Approximate call graph builder for JavaScript

An experimental tool for working with Snyk and Kubernetes

Lint an npm or yarn lockfile to analyze and detect security issues

A modern JavaScript utility library delivering modularity, performance, & extras.

MCP Server for the Node.js API documentation

An MCP server for NPM JavaScript Package Management tools

A Node.js tracing and instrumentation utility

Best practices to containerize Node.js web applications with Docker

Tiny helper to protect against Prototype Pollution vulnerabilities in your application regardless if they introduced in your own code or in 3rd-party code

repository of images that define OSS project type and support level to be included in the README of Snyk open source projects

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Snyk PHP Goof - A vulnerable PHP demo application

Python script to query SBOM Test API and keep track of changes in vulnerabilities

bazel (starlark) rules to test and monitor targets for vulnerabilities in external open source dependencies

convert cyclone dx sbom to snyk depgraph and test or monitor it for open source issues

Snyk CLI extension for example List Projects command

A vulnerable Serverless application deployed on GCF

Welcome to the Secure AI Development Advanced workshop! In this hands-on session, you'll learn advanced techniques for building applications with AI coding assistants while maintaining security best practices.

Demonstrates and visualizes adversarial attacks against image classification models. The project implements several popular attack methods and provides detailed visualizations of the perturbations and their effects.

Snyk API Typescript client generated from API Blueprints

Collection of docker entrypoints that facilitate snyk '--all-projects'-style bulk scanning

Python scripts for bulk modification of Organization settings

Examples of integrating the Snyk CLI into a CI/CD system

A wrapper for Snyk CLI that transforms security scan results into grumpy, sarcastic commentary from an experienced security "greybeard" using OpenAI.

Tool to automate the importing of an AWS Organization in to Snyk Cloud

monitor your on-premise Artifactory container images for vulnerabilities in Snyk

Inputs a Snyk Report style CSV and ignores everything

retrieve all dependencies for all orgs in a group

A POC showing how to use Snyk IaC product in PR checks

Project to provide a high level summary of projects in an organization in a single CSV

Simple tool to generate a list of repositories that aren't in Snyk

Queue based request manager to throttle and retry interaction with Snyk API endpoints

A way to ensure your GitHub Repos are monitored by Snyk

Keeps Snyk projects in sync with their associated Github repos

A Go CLI tool to synchronize a Snyk SSO user memberships to Group and Orgs across 2 domains

CLI tool designed to manage tags and attributes at scale

Show open source vulnerabilities from Snyk in ThreadFix

For Snyk CLI, ignore all issues introduced through a given set of dependencies

sync user org memberships from an external source into Snyk

Mitigate security concerns of Dependency Confusion supply chain security risks

A demo repo showcasing Snyk's IAC offering for terraform

Snyk identity Terraform Provider for managing snyk memberships at Group and Org

TEMPORARY: Super vulnerable todo list application

ToxicSkills - malicious agent skills in openclaw / clawhub / agent supply chain

Dependency Frost game version for Snyk embed

Same href, different syntax: XSS across content parsers

Latest Demos and Research

Step into the Lab

Vibe Coding with Claude Agentic AI Tool

Partner Research

Where security meets curiosity

Explore projects from Snyk Labs