-
CVE-2022-40764 references [github.com/snyk/snyk-go-plugin](https://github.com/snyk/snyk-go-plugin), which may be a Go module.
Description:
Snyk CLI before 1.996.0 allows arbitrary command execution, …
-
## Environment
**Liquibase Version**: LATEST
**Liquibase Integration & Version**: gradle
**Database Vendor & Version**: Amazon Redshift
**Infrastructure Type/Provider**: AWS
## Desc…
-
Hi,
### Describe the Bug
The mcr.microsoft.com/dotnet/aspnet:6.0 Docker image uses deprecated versions of several dependencies that have been flagged by our dependency scanners:
**gzip Improper…
-
What is hard to see are the current vulnerabilities on the master branch, because Snyk is checking against the package.json and so refers to the published release of the modules.
Maybe better to track using …
-
This appeared in the CVE feed today: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
Not sure if this was reported to you before or not, reporting it here just in case.
-
### Is your feature request related to a specific problem?
More security is good
### Describe the solution you'd like
Adding an automated, common, open-source tool like [bandit](https://bandi…
-
## Proposal
To allow executing Go tools without the need to install them. This is similar to how [npx](https://docs.npmjs.com/cli/v7/commands/npx) operates. For example, using _npx_, you can in…
-
If this library published inter-compatible type-definitions, it would facilitate the use of the library by projects that use other versions of typescript.
For example, see https://github.com/snyk/c…
-
**Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)**
/kind bug
**Description**
Building a container from Dockerfile with `WORKDIR` + using `--mount=type=secret` with …
-
### 🐛 Describe the bug
In `torch.jit.annotations`, it looks like there are some functions that are deprecated, but still retain code, which may lead to some backdoors, especially since some of these …