Snyk Cli vulnerabilities
6 known vulnerabilities affecting snyk/snyk_cli.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2025-6624LOWCVSS 1.2fixed in 1.1297.32025-06-26
CVE-2025-6624 [LOW] CWE-532 CVE-2025-6624: Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information in
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1
ghsanvdosv
CVE-2024-48963HIGHCVSS 7.5fixed in 1.1294.02024-10-23
CVE-2024-48963 [HIGH] CWE-78 CVE-2024-48963: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
nvd
CVE-2024-48964HIGHCVSS 7.5fixed in 1.1294.02024-10-23
CVE-2024-48964 [HIGH] CWE-78 CVE-2024-48964: The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Grad
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.
nvd
CVE-2022-24441HIGHCVSS 8.8fixed in 1.1064.02022-11-30
CVE-2022-24441 [HIGH] CWE-78 CVE-2022-24441: The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attac
The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the t
ghsanvdosv
CVE-2022-22984MEDIUMCVSS 6.3fixed in 1.1064.0≥ unspecified, < 1.1064.02022-11-30
CVE-2022-22984 [MEDIUM] CWE-78 CVE-2022-22984: The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before
ghsanvdosv
CVE-2022-40764HIGH≥ 0, < 1.996.02022-10-04
CVE-2022-40764 [HIGH] CWE-78 Snyk CLI affected by Command Injection vulnerability
Snyk CLI affected by Command Injection vulnerability
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19
ghsaosv