Security Labs

The Snyk Security Labs team leads high-impact research, paving the way for secure innovation in application development.

Our work has led to major CVEs in core container infrastructure, closed significant supply chain attack vectors in popular open source registries, and demonstrated novel attacks on emerging technologies.

Found a vulnerability? Or know of one missing from the Snyk Vulnerability Database? We’ll help you verify it, contact the maintainer, and assign a CVE for the issue.

Report a vulnerability

article

In Localhost We Trust: Exploring Vulnerabilities in Cortex.cpp, Jan’s AI Engine

Read now

article

Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes

Read now

article

Hijacking OAUTH flows via Cookie Tossing

Read now

article

Remote Code Execution with Spring Boot 3.4.0 Properties

Read now

Showing 1 - 12 of 25 posts

article

In Localhost We Trust: Exploring Vulnerabilities in Cortex.cpp, Jan’s AI Engine

article

Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes

article

Remote Code Execution with Spring Boot 3.4.0 Properties

article

Hijacking OAUTH flows via Cookie Tossing

article

GitFlops: The dangers of terraform automation platforms

article

Proxmox VE CVE-2024-21545 - Tricking the API into giving you the keys

Found a Vulnerability?

We can help you report it

Report a vulnerability

article

Abusing Ubuntu 24.04 features for root privilege escalation

article

Agent hijacking: The true impact of prompt injection attacks

article

Repo Jacking: The Great Source-code Swindle

article

Breaking caches and bypassing Istio RBAC with HTTP response header injection

article

Call for action: Exploring vulnerabilities in Github Actions

article

Leaky Vessels deep dive: Escaping from Docker one syscall at a time

1 2 3

Experiments

Where AI security meets curiosity

Explore Projects from Snyk Labs

github-actions-scanner

JavaScript

Scans your Github Actions for security issues

Updated 3 days ago

View on Github

snyk-cli-greybeard

Shell

A wrapper for Snyk CLI that transforms security scan results into grumpy, sarcastic commentary from an experienced security "greybeard" using OpenAI.

Updated 14 days ago

View on Github

snyk-adversarial-inputs-to-image-classifiers

Python

Demonstrates and visualizes adversarial attacks against image classification models. The project implements several popular attack methods and provides detailed visualizations of the perturbations and their effects.

Updated 32 days ago

View on Github

View more experiments