{"openapi":"3.0.0","servers":[{"url":"https://api.snyk.io/v1"}],"x-hasEquivalentPaths":true,"info":{"description":"The Snyk API is available to customers on [Business and Enterprise plans](https://snyk.io/plans) and allows you to programmatically integrate with Snyk.\n\n## REST API\n\nWe are in the process of building a new, improved API (`https://api.snyk.io/rest`) built using the OpenAPI and JSON API standards. We welcome you to try it out as we shape and release endpoints until it, ultimately, becomes a full replacement for our current API.\n\nLooking for our REST API docs? Please head over to [https://apidocs.snyk.io](https://apidocs.snyk.io)\n\n## API vs CLI vs Snyk integration\n\nThe API detailed below has the ability to test a package for issues, as they are defined by Snyk. It is important to note that for many package managers, using this API will be less accurate than running the [Snyk CLI](https://snyk.io/docs/using-snyk) as part of your build pipeline, or just using it locally on your package. The reason for this is that more than one package version can fit the requirements given in manifest files. Running the CLI locally tests the actual deployed code, and has an accurate snapshot of the dependency versions in use, while the API can only infer it, with inferior accuracy. The Snyk CLI can also produce machine-readable JSON output (with the `--json` flag to `snyk test`).\n\nA third option is to allow Snyk access to your development flow via the existing [Snyk integrations](https://snyk.io/docs/). The advantage to this approach is having Snyk monitor every new pull request, and suggest fixes by opening new pull requests. 
This can be achieved either by integrating Snyk directly to your source code management (SCM) tool, or via a broker to allow greater security and auditability.\n\nIf those are not viable options, this API is your best choice.\n\n## API url\n\nThe base URL for all API endpoints is https://api.snyk.io/v1/\n\n## Authorization\n\nTo use this API, you must get your token from Snyk. It can be seen on https://snyk.io/account/ after you register with Snyk and login.\n\nThe token should be supplied in an `Authorization` header with the token, preceded by `token`:\n\n```http\nAuthorization: token API_KEY\n```\n\nOtherwise, a 401 \"Unauthorized\" response will be returned.\n\n```http\nHTTP/1.1 401 Unauthorized\n\n        {\n            \"code\": 401,\n            \"error\": \"Not authorised\",\n            \"message\": \"Not authorised\"\n        }\n```\n\n## Overview and entities\n\nThe API is a REST API. It has the following entities:\n\n### Test result\n\nThe test result is the object returned from the API giving the results of testing a package for issues. It has the following fields:\n\n| Property        | Type    | Description                                           | Example                                                         |\n|----------------:|---------|-------------------------------------------------------|-----------------------------------------------------------------|\n| ok              | boolean | Does this package have one or more issues?             | false                                                           |\n| issues          | object  | The issues found. See below for details.              | See below                                                       |\n| dependencyCount | number  | The number of dependencies the package has.           | 9                                                               |\n| org             | object  | The organization this test was carried out for.       
| {\"name\": \"anOrg\", \"id\": \"5d7013d9-2a57-4c89-993c-0304d960193c\"} |\n| licensesPolicy  | object  | The organization's licenses policy used for this test | See in the examples                                             |\n| packageManager  | string  | The package manager for this package                  | \"maven\"                                                         |\n|                 |         |                                                       |                                                                 |\n\n### Issue\n\nAn issue is either a vulnerability or a license issue, according to the organization's policy. It has the following fields:\n\n| Property       | Type          | Description                                                                                                                | Example                                |\n|---------------:|---------------|----------------------------------------------------------------------------------------------------------------------------|----------------------------------------|\n| id             | string        | The issue ID                                                                                                               | \"SNYK-JS-BACKBONE-10054\"               |\n| url            | string        | A link to the issue details on snyk.io                                                                                     | \"https://snyk.io/vuln/SNYK-JS-BACKBONE-10054\" |\n| title          | string        | The issue title                                                                                                            | \"Cross Site Scripting\"                 |\n| type           | string        | The issue type: \"license\" or \"vulnerability\".                                                                              
| \"license\"                              |\n| paths          | array         | The paths to the dependencies which have an issue, and their corresponding upgrade path (if an upgrade is available). [More information about from and upgrade paths](#introduction/overview-and-entities/from-and-upgrade-paths) | [<br>&nbsp;&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;\"from\": [\"a@1.0.0\", \"b@4.8.1\"],<br>&nbsp;&nbsp;&nbsp;&nbsp;\"upgrade\": [false, \"b@4.8.2\"]<br>&nbsp;&nbsp;}<br>] |\n| package        | string        | The package identifier according to its package manager                                                                    | \"backbone\", \"org.apache.flex.blazeds:blazeds\"|\n| version        | string        | The package version this issue is applicable to.                                                                           | \"0.4.0\"                                |\n| severity       | string        | The Snyk defined severity level: \"critical\", \"high\", \"medium\" or \"low\".                                                    | \"high\"                                 |\n| language       | string        | The package's programming language                                                                                         | \"js\"                                   |\n| packageManager | string        | The package manager                                                                                                        | \"npm\"                                  |\n| semver         | array[string] OR map[string]array[string] | One or more [semver](https://semver.org) ranges this issue is applicable to. The format varies according to package manager. | [\"<0.5.0, >=0.4.0\", \"<0.3.8, >=0.3.6\"] OR { \"vulnerable\": [\"[2.0.0, 3.0.0)\"], \"unaffected\": [\"[1, 2)\", \"[3, )\"] } |\n\n### Vulnerability\n\nA vulnerability in a package. 
In addition to all the fields present in an issue, a vulnerability also has these fields:\n\nProperty        | Type    | Description                                                                                                                                                                                                                      | Example                                        |\n----------------:|---------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------|\n publicationTime | Date    | The vulnerability publication time                                                                                                                                                                                               | \"2016-02-11T07:16:18.857Z\"                     |\n disclosureTime  | Date    | The time this vulnerability was originally disclosed to the package maintainers                                                                                                                                                   | \"2016-02-11T07:16:18.857Z\"                     |\n isUpgradable    | boolean | Is this vulnerability fixable by upgrading a dependency?                                                                                                                                                                         | true                                           |\n description     | string  | The detailed description of the vulnerability, why and how it is exploitable. Provided in markdown format. 
| \"## Overview\\n[`org.apache.logging.log4j:log4j-core`](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22log4j-core%22)\\nIn Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.\\n\\n# Details\\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\\n\\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker to control the state or the flow of the execution. \\n\\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\\n\\nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. 
Then all they need to do is send the payload into the deserializer, getting the command executed.\\n\\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\\n- Apache Blog\\n\\n\\n## References\\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645)\\n- [jira issue](https://issues.apache.org/jira/browse/LOG4J2-1863)\\n\" |\n isPatchable     | boolean | Is this vulnerability fixable by using a Snyk supplied patch?                                                                                                                                                                    
| true                                           |\n isPinnable      | boolean | Is this vulnerability fixable by pinning a transitive dependency?                                                                                                                                                                | true                                           |\n identifiers     | object  | Additional vulnerability identifiers                                                                                                                                                                                             | {\"CWE\": [], \"CVE\": [\"CVE-2016-2402\"]}          |\n credit          | string  | The reporter of the vulnerability                                                                                                                                                                                                | \"Snyk Security Team\"                           |\n CVSSv3          | string  | Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score. | \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\" |\n cvssScore       | number  | CVSS Score                                                                                                                                                                                                                       | 5.3                                            |\n patches         | array   | Patches to fix this issue, by Snyk                                                                                                                                                                                               | see \"Patch\" below.                             
|\n upgradePath     | object  | The path to upgrade this issue, if applicable                                                                                                                                                                                    | see below                                      |\n isPatched       | boolean | Is this vulnerability patched?                                                                                                                                                                                                   | false                                          |\n exploitMaturity | string  | The snyk exploit maturity level\n\n#### Patch\n\nA patch is an object like this one:\n\n```json\n{\n  \"urls\": [\n    \"https://snyk-patches.s3.amazonaws.com/npm/backbone/20110701/backbone_20110701_0_0_0cdc525961d3fa98e810ffae6bcc8e3838e36d93.patch\"\n  ],\n  \"version\": \"<0.5.0 >=0.3.3\",\n  \"modificationTime\": \"2015-11-06T02:09:36.180Z\",\n  \"comments\": [\n    \"https://github.com/jashkenas/backbone/commit/0cdc525961d3fa98e810ffae6bcc8e3838e36d93.patch\"\n  ],\n  \"id\": \"patch:npm:backbone:20110701:0\"\n}\n```\n\n### From and upgrade paths\n\nBoth from and upgrade paths are arrays, where each item within the array is a package `name@version`.\n\nTake the following `from` path:\n\n```\n[\n  \"my-project@1.0.0\",\n  \"actionpack@4.2.5\",\n  \"rack@1.6.4\"\n]\n```\n\nAssuming this was returned as a result of a test, then we know:\n\n- The package that was tested was `my-project@1.0.0`\n\n- The dependency with an issue was included in the tested package via the direct dependency `actionpack@4.2.5`\n\n- The dependency with an issue was [rack@1.6.4](https://snyk.io/vuln/rubygems:rack@1.6.4)\n\nTake the following `upgrade` path:\n\n```\n[\n  false,\n  \"actionpack@5.0.0\",\n  \"rack@2.0.1\"\n]\n```\n\nAssuming this was returned as a result of a test, then we know:\n\n- The package that was tested is not upgradable (`false`)\n\n- 
The direct dependency `actionpack` should be upgraded to at least version `5.0.0` in order to fix the issue\n\n- Upgrading `actionpack` to version `5.0.0` will cause `rack` to be installed at version `2.0.1`\n\nIf the `upgrade` path comes back as an empty array (`[]`) then this means that there is no upgrade path available which would fix the issue.\n\n### License issue\n\nA license issue has no additional fields other than the ones in \"Issue\".\n\n### Snyk organization\n\nThe organization in Snyk this request is applicable to. The organization determines the access rights, licenses policy and is the unit of billing for private projects.\n\nA Snyk organization has these fields:\n\nProperty    | Type   | Description                   | Example                                |\n-----------:| ------ | ----------------------------- | -------------------------------------- |\nname        | string | The organization display name | \"deelmaker\"                            |\nid          | string | The ID of the organization    | \"3ab0f8d3-b17d-4953-ab6d-e1cbfe1df385\" |\n\n## Errors\n\nThis is a beta release of this API. Therefore, despite our efforts, errors might occur. 
In the unlikely event of such an error, it will have the following structure as JSON in the body:\n\nProperty    | Type   | Description                   | Example                                |\n-----------:| ------ | ----------------------------- | -------------------------------------- |\nmessage     | string | Error message with reference  | Error calling Snyk api (reference: 39db46b1-ad57-47e6-a87d-e34f6968030b) |\nerrorRef    | V4 uuid | An error ref to contact Snyk with | 39db46b1-ad57-47e6-a87d-e34f6968030b |\n\nThe error reference will also be supplied in the `x-error-reference` header in the server reply.\n\nExample response:\n\n```http\nHTTP/1.1 500 Internal Server Error\nx-error-reference: a45ec9c1-065b-4f7b-baf8-dbd1552ffc9f\nContent-Type: application/json; charset=utf-8\nContent-Length: 1848\nVary: Accept-Encoding\nDate: Sun, 10 Sep 2017 06:48:40 GMT\n```\n\n## Rate Limiting\n\nTo ensure resilience against increasing request rates, we are starting to introduce rate-limiting.\nWe are monitoring the rate-limiting system to ensure minimal impact on users while ensuring system stability.\nThe limit is up to 2000 requests per minute, per user, subject to change. As such, we recommend calls to the API are throttled regardless of the current limit.\nAll requests above the limit will get a response with status code `429` - `Too many requests` until requests stop for the duration of the rate-limiting interval (currently a minute).\n\n## Consuming Webhooks\n\nWebhooks are delivered with a `Content-Type` of `application/json`, with the event payload as JSON in the request body. 
We also send the following headers:\n\n- `X-Snyk-Event` - the name of the event\n\n- `X-Snyk-Transport-ID` - a GUID to identify this delivery\n\n- `X-Snyk-Timestamp` - an ISO 8601 timestamp for when the event occurred, for example: `2020-09-25T15:27:53Z`\n\n- `X-Hub-Signature` - the HMAC hex digest of the request body, used to secure your webhooks and ensure the request did indeed come from Snyk\n\n- `User-Agent` - identifies the origin of the request, for example: `Snyk-Webhooks/XXX`\n\n---\n\nAfter your server is configured to receive payloads, it listens for any payload sent to the endpoint you configured. For security reasons, you should limit requests to those coming from Snyk.\n\n### Validating payloads\n\nAll transports sent to your webhooks have an `X-Hub-Signature` header, which contains the hash signature for the transport. The signature is an HMAC hex digest of the request body, generated using sha256 and your `secret` as the HMAC key.\n\nYou could use a function in Node.js such as the following to validate these signatures on incoming requests from Snyk:\n\n```javascript\nimport * as crypto from 'crypto';\n\nfunction verifySignature(request, secret) {\n  const hmac = crypto.createHmac('sha256', secret);\n  // Re-serializing the parsed body only verifies if it is byte-identical to what was signed;\n  // hash the raw request body instead if your framework exposes it.\n  const buffer = JSON.stringify(request.body);\n  hmac.update(buffer, 'utf8');\n\n  const expected = Buffer.from(`sha256=${hmac.digest('hex')}`, 'utf8');\n  const received = Buffer.from(String(request.headers['x-hub-signature'] || ''), 'utf8');\n\n  // Compare in constant time; timingSafeEqual throws on unequal lengths, so check the length first.\n  return expected.length === received.length && crypto.timingSafeEqual(expected, received);\n}\n```\n\n### Payload versioning\n\nPayloads may evolve over time, and so are versioned. Payload versions are supplied as a suffix to the `X-Snyk-Event` header. For example, `project_snapshot/v0` indicates that the payload is `v0` of the `project_snapshot` event.\n\nVersion numbers only increment when a breaking change is made; for example, removing a field that used to exist, or changing the name of a field. 
Version numbers do not increment when making an additive change, such as adding a new field that never existed before.\n\n**Note:** During the BETA phase, the structure of webhook payloads may change at any time, so we recommend you check the payload version.\n\n### Event types\n\nWhen consuming a webhook event, check the `X-Snyk-Event` header, as an endpoint may receive multiple event types.\n\n#### ping\n\nThe ping event happens after a new webhook is created, and can also be manually triggered using the ping webhook API. This is useful to test that your webhook receives data from Snyk correctly.\n\nThe `ping` event makes the following request:\n\n```http\nPOST /webhook-handler/snyk123 HTTP/1.1\nHost: my.app.com\nX-Snyk-Event: ping/v0\nX-Snyk-Transport-ID: 998fe884-18a0-45db-8ae0-e379eea3bc0a\nX-Snyk-Timestamp: 2020-09-25T15:27:53Z\nX-Hub-Signature: sha256=7d38cdd689735b008b3c702edd92eea23791c5f6\nUser-Agent: Snyk-Webhooks/044aadd\nContent-Type: application/json\n\n{\n  \"webhookId\": \"d3cf26b3-2d77-497b-bce2-23b33cc15362\"\n}\n```\n\n#### project_snapshot\n\nThis event is triggered every time an existing project is tested and a new snapshot is created. It is triggered on every test of a project, whether or not there are new issues. This event is not triggered when a new project is created or imported. Currently supported targets/scan types are Open Source and container.\n\n```http\nPOST /webhook-handler/snyk123 HTTP/1.1\nHost: my.app.com\nX-Snyk-Event: project_snapshot/v0\nX-Snyk-Transport-ID: 998fe884-18a0-45db-8ae0-e379eea3bc0a\nX-Snyk-Timestamp: 2020-09-25T15:27:53Z\nX-Hub-Signature: sha256=7d38cdd689735b008b3c702edd92eea23791c5f6\nUser-Agent: Snyk-Webhooks/044aadd\nContent-Type: application/json\n\n{\n  \"project\": { ... }, // project object matching API responses\n  \"org\": { ... }, // organization object matching API responses\n  \"group\": { ... 
}, // group object matching API responses\n  \"newIssues\": [], // array of issues object matching API responses\n  \"removedIssues\": [], // array of issues object matching API responses\n}\n```\n\n####  Detailed example of a payload\n\n##### project\n\nsee: [https://snyk.docs.apiary.io/#reference/projects](https://snyk.docs.apiary.io/#reference/projects)\n\n```tsx\n\"project\": {\n  \"name\": \"snyk/goof\",\n  \"id\": \"af137b96-6966-46c1-826b-2e79ac49bbd9\",\n  \"created\": \"2018-10-29T09:50:54.014Z\",\n  \"origin\": \"github\",\n  \"type\": \"maven\",\n  \"readOnly\": false,\n  \"testFrequency\": \"daily\",\n  \"totalDependencies\": 42,\n  \"issueCountsBySeverity\": {\n    \"low\": 13,\n    \"medium\": 8,\n    \"high\": 4,\n    \"critical\": 5\n  },\n  \"imageId\": \"sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019\",\n  \"imageTag\": \"latest\",\n  \"imageBaseImage\": \"alpine:3\",\n  \"imagePlatform\": \"linux/arm64\",\n  \"imageCluster\": \"Production\",\n  \"hostname\": null,\n  \"remoteRepoUrl\": \"https://github.com/snyk/goof.git\",\n  \"lastTestedDate\": \"2019-02-05T08:54:07.704Z\",\n  \"browseUrl\": \"https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9\",\n  \"importingUser\": {\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": \"example-user@snyk.io\"\n  },\n  \"isMonitored\": false,\n  \"branch\": null,\n  \"targetReference\": null,\n  \"tags\": [\n    {\n      \"key\": \"example-tag-key\",\n      \"value\": \"example-tag-value\"\n    }\n  ],\n  \"attributes\": {\n    \"criticality\": [\n      \"high\"\n    ],\n    \"environment\": [\n      \"backend\"\n    ],\n    \"lifecycle\": [\n      \"development\"\n    ]\n  },\n  \"remediation\": {\n    \"upgrade\": {},\n    \"patch\": {},\n    \"pin\": {}\n  }\n}\n```\n\n##### org\n\nsee: 
[https://snyk.docs.apiary.io/#reference/organizations](https://snyk.docs.apiary.io/#reference/organizations)\n\n```tsx\n\"org\": {\n  \"name\": \"My Org\",\n  \"id\": \"a04d9cbd-ae6e-44af-b573-0556b0ad4bd2\",\n  \"slug\": \"my-org\",\n  \"url\": \"https://api.snyk.io/org/my-org\",\n  \"created\": \"2020-11-18T10:39:00.983Z\"\n}\n```\n\n##### group\n\nsee: [https://snyk.docs.apiary.io/#reference/groups](https://snyk.docs.apiary.io/#reference/groups)\n\n```tsx\n\"group\": {\n  \"name\": \"ACME Inc.\",\n   \"id\": \"a060a49f-636e-480f-9e14-38e773b2a97f\"\n}\n```\n\n##### issue\n\nsee: https://snyk.docs.apiary.io/#reference/users/user-organization-notification-settings/list-all-aggregated-issues\n\n```tsx\n{\n  \"id\": \"npm:ms:20170412\",\n  \"issueType\": \"vuln\",\n  \"pkgName\": \"ms\",\n  \"pkgVersions\": [\n    \"1.0.0\"\n  ],\n  \"issueData\": {\n    \"id\": \"npm:ms:20170412\",\n    \"title\": \"Regular Expression Denial of Service (ReDoS)\",\n    \"severity\": \"low\",\n    \"url\": \"https://snyk.io/vuln/npm:ms:20170412\",\n    \"description\": \"Lorem ipsum\",\n    \"identifiers\": {\n      \"CVE\": [],\n      \"CWE\": [\n        \"CWE-400\"\n      ],\n      \"ALTERNATIVE\": [\n        \"SNYK-JS-MS-10509\"\n      ]\n    },\n    \"credit\": [\n      \"Snyk Security Research Team\"\n    ],\n    \"exploitMaturity\": \"no-known-exploit\",\n    \"semver\": {\n      \"vulnerable\": [\n        \">=0.7.1 <2.0.0\"\n      ]\n    },\n    \"publicationTime\": \"2017-05-15T06:02:45Z\",\n    \"disclosureTime\": \"2017-04-11T21:00:00Z\",\n    \"CVSSv3\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\n    \"cvssScore\": 3.7,\n    \"language\": \"js\",\n    \"patches\": [\n      {\n        \"id\": \"patch:npm:ms:20170412:2\",\n        \"urls\": [\n          \"https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_071.patch\"\n        ],\n        \"version\": \"=0.7.1\",\n        \"comments\": [],\n        \"modificationTime\": \"2019-12-03T11:40:45.866206Z\"\n      }\n 
   ],\n    \"nearestFixedInVersion\": \"2.0.0\"\n  },\n  \"isPatched\": false,\n  \"isIgnored\": false,\n  \"fixInfo\": {\n    \"isUpgradable\": false,\n    \"isPinnable\": false,\n    \"isPatchable\": true,\n    \"nearestFixedInVersion\": \"2.0.0\"\n  },\n  \"priority\": {\n    \"score\": 399,\n    \"factors\": [\n      {\n        \"name\": \"isFixable\",\n        \"description\": \"Has a fix available\"\n      },\n      {\n        \"name\": \"cvssScore\",\n        \"description\": \"CVSS 3.7\"\n      }\n    ]\n  }\n}\n```","title":"Snyk API","version":"1.0.0","x-apisguru-categories":["developer_tools"],"x-origin":[{"format":"swagger","url":"https://snyk.docs.apiary.io/api-description-document","version":"2.0"}],"x-providerName":"snyk.io"},"tags":[{"description":"For more information on users and the different user types, see [Snyk docs](https://docs.snyk.io/introducing-snyk/snyks-core-concepts/groups-organizations-and-users#user-access-member-types).","name":"Users"},{"description":"Groups can contain multiple organizations, allowing you to collaborate with multiple teams. For more information on Groups, organizations, and users see [Snyk docs](https://docs.snyk.io/introducing-snyk/snyks-core-concepts/groups-organizations-and-users).","name":"Groups"},{"description":"For more information on organizations see [Snyk docs](https://docs.snyk.io/introducing-snyk/snyks-core-concepts/groups-organizations-and-users#snyk-organizations).","name":"Organizations"},{"description":"Integrations are connections to places where code lives. They can be configured from the [Integration page in the Settings area](https://app.snyk.io/manage/integrations).","name":"Integrations"},{"description":"Import projects into Snyk. Projects can be Git repositories, Docker images, containers, configuration files and much more. See the [Projects and Targets documentation](https://docs.snyk.io/getting-started/introduction-to-snyk-projects#targets) for more information. 
A typical import would start with requesting a target to be processed and then polling the Import Job API for further details on completion and resulting Snyk projects.","name":"Import Projects"},{"description":"A project is a package that is actively tracked by Snyk.","name":"Projects"},{"description":"Dependencies are packages/modules that your projects depend on.\n\nCurrent rate limit is up to 150 requests per minute, per user.\nFor more information about rate-limiting see: [https://snyk.docs.apiary.io/#introduction/rate-limiting](https://snyk.docs.apiary.io/#introduction/rate-limiting)","name":"Dependencies"},{"description":"The licenses which the packages/modules in your projects use.","name":"Licenses"},{"description":"Entitlements are specific abilities an organization has enabled.","name":"Entitlements"},{"description":"Test a package for issues with Snyk.","name":"Test"},{"description":"Snyk constantly discloses new vulnerabilities. Monitor gives you a way to regularly test your project for\nnew vulnerabilities and be alerted when action is required in order to keep your project secure.","name":"Monitor"},{"description":"Note: The endpoints in this category only support Snyk legacy reporting, not the latest release.\n\nThe reporting API powers our reports section.\n\nWith it you can find answers to questions like how many issues your organisation has, or how many tests have been conducted in a given time frame.\n\nCurrent rate limit is up to 70 requests per minute, per user.\nAll requests above the limit will get a response with status code `429` - `Too many requests` until requests stop for the duration of the rate-limiting interval (currently a minute).\nFor more information about rate-limiting see: [https://snyk.docs.apiary.io/#introduction/rate-limiting](https://snyk.docs.apiary.io/#introduction/rate-limiting)","name":"Reporting API"},{"description":"Get audit logs of your group or organization. Logs are only available for past 3 months. 
Note that the API returns personally identifiable information and requires the use of either a personal Snyk API token or a Snyk service account token with Group Admin level permission.","name":"Audit logs"},{"description":"## Intro\n\n> Warning: the webhooks feature is currently in beta. While in this status, we may change the API and the structure of webhook payloads at any time, without notice.\n\nWebhooks allow you to be notified of events taking place in the Snyk system and react to changes in your projects.\n\nWebhooks associate an event type with a URL. When something triggers that event type, Snyk sends an HTTP POST request to the URL with a payload containing information about the event. Currently supported targets/scan types are Open Source and container.\n\n## Who can access this feature?\n\nOnly Business and Enterprise customers.\n\n## Configuring webhooks\n\nWebhooks can be configured using our API at organization level, by organization admins.","name":"Webhooks"}],"paths":{"/group/{groupId}/audit":{"post":{"description":"","operationId":"Get group level audit logs","parameters":[{"description":"The group ID. The `API_KEY` must have access to this group.","example":"4a18d42f-0706-4ad0-b127-24078731fbea","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The date you wish to fetch results from, in the format YYYY-MM-DD. Default is 3 months ago. Please note that logs are only available for past 3 months.","example":"2025-08-15T13:51:54.386Z","in":"query","name":"from","required":false,"schema":{"type":"string"}},{"description":"The date you wish to fetch results until, in the format YYYY-MM-DD. Default is today. Please note that logs are only available for past 3 months.","example":"2025-08-15T13:51:54.386Z","in":"query","name":"to","required":false,"schema":{"type":"string"}},{"description":"The page of results to request. 
Audit logs are returned in page sizes of 100","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}},{"description":"The sort order of the returned audit logs by date. Values: `ASC`, `DESC`. Default: `DESC`.","example":"ASC","in":"query","name":"sortOrder","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"event":"api.access","excludeEvent":"api.access"}},"properties":{"filters":{"properties":{"email":{"description":"User email address. Will fetch only audit logs originated from this user's actions. Ignored if the userId filter is set.","type":"string"},"event":{"description":"Will return only logs for this specific event. Only one of event and excludeEvent may be specified in a request.","enum":["api.access","group.cloud_config.settings.edit","group.create","group.delete","group.edit","group.feature_flags.edit","group.notification_settings.edit","group.org.add","group.org.remove","group.policy.create","group.policy.delete","group.policy.edit","group.request_access_settings.edit","group.role.create","group.role.edit","group.service_account.create","group.service_account.delete","group.service_account.edit","group.settings.edit","group.settings.feature_flag.edit","group.sso.auth0_connection.create","group.sso.auth0_connection.edit","group.sso.add","group.sso.create","group.sso.delete","group.sso.edit","group.sso.membership.sync","group.sso.remove","group.tag.create","group.tag.delete","group.user.add","group.user.provision.accept","group.user.provision.create","group.user.provision.delete","group.user.remove","group.user.role.edit"],"type":"string"},"excludeEvent":{"description":"Will return logs except logs for this event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","group.cloud_config.settings.edit","group.create","group.delete","group.edit","group.feature_flags.edit","group.notification_settings.edit","group.org.add","group.org.remove","group.policy.create","group.policy.delete","group.policy.edit","group.request_access_settings.edit","group.role.create","group.role.edit","group.service_account.create","group.service_account.delete","group.service_account.edit","group.settings.edit","group.settings.feature_flag.edit","group.sso.auth0_connection.create","group.sso.auth0_connection.edit","group.sso.add","group.sso.create","group.sso.delete","group.sso.edit","group.sso.membership.sync","group.sso.remove","group.tag.create","group.tag.delete","group.user.add","group.user.provision.accept","group.user.provision.create","group.user.provision.delete","group.user.remove","group.user.role.edit"],"type":"string"},"projectId":{"description":"Will return only logs for this specific project.","type":"string"},"userId":{"description":"User public ID. Will fetch only audit logs originated from this user's actions.","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"content":{"after":{"name":"Group Current Name"},"before":{"name":"Group Previous Name"}},"created":"2025-08-15T13:51:54.386Z","event":"group.edit","groupId":"4a18d42f-0706-4ad0-b127-24078731fbea","orgId":"4a18d42f-0706-4ad0-b127-24078731fbea","projectId":null,"userId":"4a18d42f-0706-4ad0-b127-24078731fbea"}]}}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"Get group level audit logs","tags":["Audit logs"]}},"/group/{groupId}/members":{"get":{"description":"","operationId":"List all members in a group","parameters":[{"description":"The group ID. 
The `API_KEY` must have admin access to this group.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"groupId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"email":"","groupRole":"","id":"","name":"","orgs":[{"name":"","role":""}],"username":""}]}},"schema":{"items":{},"type":"array"}}},"description":"OK","headers":{}}},"summary":"List all members in a group","tags":["Groups"]}},"/group/{groupId}/org/{orgId}/members":{"post":{"description":"","operationId":"Add a member to an organization within a group","parameters":[{"description":"The group ID. The `API_KEY` must have admin access to this group.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The organization ID we want to add the member to. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"role":"","userId":""},"properties":{"role":{"description":"The role of the user, \"admin\" or \"collaborator\".","type":"string"},"userId":{"description":"The id of the user.","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Add a member to an organization within a group","tags":["Groups"]}},"/group/{groupId}/orgs":{"get":{"description":"","operationId":"List all organizations in a group","parameters":[{"description":"The group ID. 
The `API_KEY` must have READ access to this group and LIST organizations access in this group.","example":"a060a49f-636e-480f-9e14-38e773b2a97f","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The number of results to return (maximum is 100).","example":"100","in":"query","name":"perPage","required":false,"schema":{"default":100,"type":"number"}},{"description":"For pagination - offset (from which to start returning results).","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}},{"description":"Only organizations that have a name that **starts with** this value (case insensitive) will be returned.","example":"my","in":"query","name":"name","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"created":"2025-08-15T13:51:54.386Z","id":"a060a49f-636e-480f-9e14-38e773b2a97f","name":"ACME Inc.","orgs":[{"created":"2025-08-15T13:51:54.386Z","id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"myDefaultOrg","slug":"my-default-org","url":"https://api.snyk.io/org/default-org"},{"created":"2025-08-15T13:51:54.386Z","id":"a04d9cbd-ae6e-44af-b573-0556b0ad4bd2","name":"My Other Org","slug":"my-other-org","url":"https://api.snyk.io/org/my-other-org"}],"url":"https://api.snyk.io/group/0dfc509a-e7a9-48ef-9d39-649d6468fc09"}}}}},"description":"OK","headers":{}}},"summary":"List all organizations in a group","tags":["Groups"]}},"/group/{groupId}/roles":{"get":{"description":"","operationId":"List all roles in a group","parameters":[{"description":"The group ID. 
The `API_KEY` must have READ access to this group.","example":"a060a49f-636e-480f-9e14-38e773b2a97f","in":"path","name":"groupId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"created":"2025-08-15T13:51:54.386Z","description":"Collaborator","modified":"2025-08-15T13:51:54.386Z","name":"Org Collaborator","publicId":"6525b356-a400-465f-b2e5-3eee1161e69f"},{"created":"2025-08-15T13:51:54.386Z","description":"Admin","modified":"2025-08-15T13:51:54.386Z","name":"Org Admin","publicId":"af047fef-69f3-4bd9-9760-8957ce0d2ece"}]}}}},"description":"OK","headers":{}}},"summary":"List all roles in a group","tags":["Groups"]}},"/group/{groupId}/settings":{"get":{"description":"","operationId":"View group settings","parameters":[{"description":"The group ID. The `API_KEY` must have admin access to this group.","example":"b61bc07c-27c6-42b3-8b04-0f228ed31a67","in":"path","name":"groupId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"requestAccess":{"description":"Can only be updated if `API_KEY` has edit access to request access settings.","properties":{"enabled":{"description":"Choose whether a user may request access to Snyk orgs in this group that they are not a member of.","type":"boolean"}},"required":["enabled"],"type":"object"},"sessionLength":{"description":"The new session length for the group in minutes. This must be an integer between 1 and 43200 (30 days). 
Setting this value to null will result in this group inheriting from the global default of 30 days.","type":"number"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"View group settings","tags":["Groups"]},"put":{"description":"","operationId":"Update group settings","parameters":[{"description":"Automatically added","in":"path","name":"groupId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"requestAccess":{"description":"Can only be updated if `API_KEY` has edit access to request access settings.","properties":{"enabled":{"description":"Choose whether a user may request access to Snyk orgs in this group that they are not a member of.","type":"boolean"}},"required":["enabled"],"type":"object"},"sessionLength":{"description":"The new session length for the group in minutes. This must be an integer between 1 and 43200 (30 days). Setting this value to null will result in this group inheriting from the global default of 30 days.","type":"number"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Update group settings","tags":["Groups"]}},"/group/{groupId}/tags":{"get":{"description":"","operationId":"List all tags in a group","parameters":[{"description":"The group ID. 
The `API_KEY` must have admin access to this group.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The number of results to return (the default is 1000).","example":"10","in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"description":"The offset from which to start returning results.","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"tags":[{"key":"meta","value":"Alfa"},{"key":"meta","value":"Bravo"},{"key":"meta","value":"Charlie"},{"key":"meta","value":"Delta"},{"key":"meta","value":"Echo"},{"key":"meta","value":"Foxtrot"},{"key":"meta","value":"Golf"},{"key":"meta","value":"Hotel"},{"key":"meta","value":"India"},{"key":"meta","value":"Juliet"}]}}},"schema":{"properties":{"tags":{"items":{},"type":"array"}},"type":"object"}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"List all tags in a group","tags":["Groups"]}},"/group/{groupId}/tags/delete":{"post":{"description":"","operationId":"Delete tag from group","parameters":[{"description":"The group ID. 
The `API_KEY` must have admin access to this group.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"groupId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"force":false,"key":"","value":""},"properties":{"force":{"description":"force delete tag that has entities (default is `false`).","type":"boolean"},"key":{"description":"Valid tag key.","type":"string"},"value":{"description":"Valid tag value.","type":"string"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"force":false,"key":"","value":""}}},"schema":{"properties":{"force":{"description":"force delete tag that has entities (default is `false`).","type":"boolean"},"key":{"description":"Valid tag key.","type":"string"},"value":{"description":"Valid tag value.","type":"string"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Delete tag from group","tags":["Groups"]}},"/monitor/dep-graph":{"post":{"description":"Use this endpoint to monitor a [DepGraph data object](https://github.com/snyk/dep-graph#depgraphdata).","operationId":"Monitor Dep Graph","parameters":[{"description":"The organization to test the package with. 
See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"depGraph":{"graph":{"nodes":[{"deps":[{"nodeId":"ch.qos.logback:logback-core@1.0.13"}],"nodeId":"root-node","pkgId":"my-maven-app@1.0.0"},{"deps":[],"nodeId":"ch.qos.logback:logback-core@1.0.13","pkgId":"ch.qos.logback:logback-core@1.0.13"}],"rootNodeId":"root-node"},"pkgManager":{"name":"maven"},"pkgs":[{"id":"my-maven-app@1.0.0","info":{"name":"my-maven-app","version":"1.0.0"}},{"id":"ch.qos.logback:logback-core@1.0.13","info":{"name":"ch.qos.logback:logback-core","version":"1.0.13"}}],"schemaVersion":"1.2.0"}},"properties":{"depGraph":{"description":"A [DepGraph data object](https://github.com/snyk/dep-graph#depgraphdata) defining all packages and their relationships.","properties":{"graph":{"description":"Graph object references each pkg and how they depend on each other through the deps property.","properties":{"nodes":{"description":"Array of node objects.","items":{},"type":"array"},"rootNodeId":{"description":"Root node id. Note the root node name is used as your project name.","type":"string"}},"required":["rootNodeId","nodes"],"type":"object"},"pkgManager":{"description":"Package manager information.","properties":{"name":{"description":"Package manager name.","type":"string"},"repositories":{"description":"A list of package repositories (i.e. 
maven-central, or npm) that defaults to the canonical package registry for the given package manager.","items":{},"type":"array"}},"required":["name"],"type":"object"},"pkgs":{"description":"Array of package dependencies.","items":{},"type":"array"},"schemaVersion":{"description":"Snyk DepGraph library schema version.","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"},"meta":{"description":"Project metadata","properties":{"targetFramework":{"description":"Required for a NuGet or Paket DepGraph only. Specify the target framework in your project file using Target Framework Monikers (TFMs). For example, netstandard1.0, netcoreapp1.0 or net452. Test each framework separately if you have multiple defined.","type":"string"}},"type":"object"}},"required":["depGraph"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"id":"f7c065cd-5850-462d-a0ca-9719d07e3e38","ok":true,"uri":"https://app.snyk.io/org/my-org/project/f7c065cd-5850-462d-a0ca-9719d07e3e38/history/39d14036-31f3-4f22-8037-1d979e0516ef"}}}}},"description":"OK","headers":{}}},"summary":"Monitor Dep Graph","tags":["Monitor"]}},"/org":{"post":{"description":"","operationId":"Create a new organization","requestBody":{"content":{"application/json":{"schema":{"example":{"groupId":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"new-org","sourceOrgId":"6b4a3261-b68f-43a0-9218-1f082e77f879"},"properties":{"groupId":{"description":"The group ID. 
The `API_KEY` must have access to this group.","type":"string"},"name":{"description":"The name of the new organization","type":"string"},"sourceOrgId":{"description":"The id of an organization to copy settings from.\n\nIf provided, this organization must be associated with the same group.\n\nThe items that will be copied are: \nSource control integrations (GitHub, GitLab, BitBucket)\n\\+ Container registries integrations (ACR, Docker Hub, ECR, GCR)\n\\+ Container orchestrators integrations (Kubernetes)\n\\+ PaaS and Serverless Integrations (Heroku, AWS Lambda)\n\\+ Notification integrations (Slack, Jira)\n\\+ Policies\n\\+ Ignore settings\n\\+ Language settings\n\\+ Infrastructure as Code settings\n\\+ Snyk Code settings\n\nThe following will not be copied across:\nService accounts\n\\+ Members\n\\+ Projects\n\\+ Notification preferences","type":"string"}},"required":["name"],"type":"object"}}}},"responses":{"201":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"created":"2025-08-15T13:51:54.387Z","group":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"test-group"},"id":"0356f641-c55c-488f-af05-c2122590f369","name":"new-org","slug":"new-org","url":"https://snyk.io/org/new-org"}}}}},"description":"Created","headers":{}},"400":{"content":{"application/json, charset=utf-8":{"examples":{"response":{"value":{"errorRef":"49f168a0-a084-4cd8-93ff-63f3a0f06bc6","message":"Unexpected error whilst deleting org"}}},"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}},"application/json; charset=utf-8":{"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}}},"description":"A group of errors that happened in the process of creating a new organization and were 
unexpected","headers":{}},"401":{"content":{"application/json, charset=utf-8":{"examples":{"response":{"value":{"errorRef":"49f168a0-a084-4cd8-93ff-63f3a0f06bc6","message":"You must have the required permissions to add an org"}}},"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}},"application/json; charset=utf-8":{"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}}},"description":"Authorization errors.","headers":{}},"422":{"content":{"application/json, charset=utf-8":{"examples":{"response":{"value":{"errorRef":"49f168a0-a084-4cd8-93ff-63f3a0f06bc6","message":"Please provide a new organization name in the body of the request"}}},"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}},"application/json; charset=utf-8":{"schema":{"properties":{"errorRef":{"description":"[UUID] An error ref to contact Snyk with","type":"string"},"message":{"description":"The error message","type":"string"}},"type":"object"}}},"description":"A group of errors that show input errors about the parameters provided in the request.","headers":{}}},"summary":"Create a new organization","tags":["Organizations"]}},"/org/{orgId}":{"delete":{"description":"","operationId":"Remove organization","parameters":[{"description":"The organization ID. The `API_KEY` must have permission to delete the provided organization. 
Currently this operation is only supported for organizations without any projects.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content","headers":{}}},"summary":"Remove organization","tags":["Organizations"]}},"/org/{orgId}/audit":{"post":{"description":"","operationId":"Get organization level audit logs","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbea","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The date you wish to fetch results from, in the format YYYY-MM-DD. Default is 3 months ago. Please note that logs are only available for past 3 months.","example":"2025-08-15T13:51:54.387Z","in":"query","name":"from","required":false,"schema":{"type":"string"}},{"description":"The date you wish to fetch results until, in the format YYYY-MM-DD. Default is today. Please note that logs are only available for past 3 months.","example":"2025-08-15T13:51:54.387Z","in":"query","name":"to","required":false,"schema":{"type":"string"}},{"description":"The page of results to request. Audit logs are returned in page sizes of 100.","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}},{"description":"The sort order of the returned audit logs by date. Values: `ASC`, `DESC`. Default: `DESC`.","example":"ASC","in":"query","name":"sortOrder","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"event":"api.access","excludeEvent":"api.access"}},"properties":{"filters":{"properties":{"email":{"description":"User email address. Will fetch only audit logs originated from this user's actions. Ignored if the userId filter is set.","type":"string"},"event":{"description":"Will return only logs for this specific event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","org.cloud_config.settings.edit","org.create","org.delete","org.edit","org.ignore_policy.edit","org.integration.create","org.integration.delete","org.integration.edit","org.integration.settings.edit","org.language_settings.edit","org.license_rule.create","org.license_rule.delete","org.license_rule.edit","org.notification_settings.edit","org.org_source.create","org.org_source.delete","org.org_source.edit","org.policy.edit","org.project.add","org.project.attributes.edit","org.project.delete","org.project.edit","org.project.fix_pr.auto_open","org.project.fix_pr.manual_open","org.project.ignore.create","org.project.ignore.delete","org.project.ignore.edit","org.project.monitor","org.project.pr_check.edit","org.project.remove","org.project.settings.delete","org.project.settings.edit","org.project.stop_monitor","org.project.tag.add","org.project.tag.remove","org.project.test","org.request_access_settings.edit","org.sast_settings.edit","org.service_account.create","org.service_account.delete","org.service_account.edit","org.service_account.membership.upsert","org.settings.feature_flag.edit","org.target.create","org.target.delete","org.user.add","org.user.invite","org.user.invite.accept","org.user.invite.revoke","org.user.invite_link.accept","org.user.invite_link.create","org.user.invite_link.revoke","org.user.leave","org.user.provision.accept","org.user.provision.create","org.user.provision.delete","org.user.remove","org.user.role.create","org.user.role.delete","org.user.role.details.edit","org.user.role.edit","org.user.role.permissions.edit","org.webhook.add","org.webhook.delete"],"type":"string"},"excludeEvent":{"description":"Will return logs except logs for this event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","org.cloud_config.settings.edit","org.create","org.delete","org.edit","org.ignore_policy.edit","org.integration.create","org.integration.delete","org.integration.edit","org.integration.settings.edit","org.language_settings.edit","org.license_rule.create","org.license_rule.delete","org.license_rule.edit","org.notification_settings.edit","org.org_source.create","org.org_source.delete","org.org_source.edit","org.policy.edit","org.project.add","org.project.attributes.edit","org.project.delete","org.project.edit","org.project.fix_pr.auto_open","org.project.fix_pr.manual_open","org.project.ignore.create","org.project.ignore.delete","org.project.ignore.edit","org.project.monitor","org.project.pr_check.edit","org.project.remove","org.project.settings.delete","org.project.settings.edit","org.project.stop_monitor","org.project.tag.add","org.project.tag.remove","org.project.test","org.request_access_settings.edit","org.sast_settings.edit","org.service_account.create","org.service_account.delete","org.service_account.edit","org.service_account.membership.upsert","org.settings.feature_flag.edit","org.target.create","org.target.delete","org.user.add","org.user.invite","org.user.invite.accept","org.user.invite.revoke","org.user.invite_link.accept","org.user.invite_link.create","org.user.invite_link.revoke","org.user.leave","org.user.provision.accept","org.user.provision.create","org.user.provision.delete","org.user.remove","org.user.role.create","org.user.role.delete","org.user.role.details.edit","org.user.role.edit","org.user.role.permissions.edit","org.webhook.add","org.webhook.delete"],"type":"string"},"projectId":{"description":"Will return only logs for this specific project.","type":"string"},"userId":{"description":"User public ID. 
Will fetch only audit logs originated from this user's actions.","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"content":{"email":"someone@snyk.io","isAdmin":false},"created":"2025-08-15T13:51:54.387Z","event":"org.user.invite","groupId":"4a18d42f-0706-4ad0-b127-24078731fbea","orgId":"4a18d42f-0706-4ad0-b127-24078731fbea","projectId":null,"userId":"4a18d42f-0706-4ad0-b127-24078731fbea"},{"content":{"after":"ADMIN","before":"COLLABORATOR","userPublicId":"4a18d42f-0706-4ad0-b127-24078731fbea"},"created":"2025-08-15T13:51:54.387Z","event":"org.user.role.edit","groupId":"4a18d42f-0706-4ad0-b127-24078731fbea","orgId":"4a18d42f-0706-4ad0-b127-24078731fbea","projectId":null,"userId":"4a18d42f-0706-4ad0-b127-24078731fbea"}]}}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"Get organization level audit logs","tags":["Audit logs"]}},"/org/{orgId}/dependencies":{"post":{"description":"","operationId":"List all dependencies","parameters":[{"description":"The organization ID to list projects for. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The field to sort results by.","example":"dependency","in":"query","name":"sortBy","required":false,"schema":{"default":"dependency","enum":["projects","dependency","severity","dependenciesWithIssues"],"type":"string"}},{"description":"The direction to sort results by.","in":"query","name":"order","required":false,"schema":{"default":"asc","enum":["asc","desc"],"type":"string"}},{"description":"The page of results to fetch.","in":"query","name":"page","required":false,"schema":{"default":1,"type":"number"}},{"description":"The number of results to fetch per page (maximum is 1000).","in":"query","name":"perPage","required":false,"schema":{"default":20,"type":"number"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"depStatus":"","dependencies":[],"languages":["cpp","dockerfile","dotnet","elixir","golang","helm","java","javascript","kubernetes","linux","php","python","ruby","scala","swift","terraform"],"licenses":[],"projects":[],"severity":["critical","high","medium","low"]}},"properties":{"filters":{"properties":{"depStatus":{"description":"Status of the dependency. Requires reporting entitlement. 
Options: `deprecated` - Include only deprecated packages; `notDeprecated` - Include all packages that are not marked as deprecated; `any` - Include all packages (default)","type":"string"},"dependencies":{"description":"The list of dependency IDs to filter the results by (i.e amdefine@1.0.1 or org.javassist:javassist@3.18.1-GA)"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"licenses":{"description":"The list of license IDs to filter the results by"},"projects":{"description":"The list of project IDs to filter the results by"},"severity":{"description":"The severities to filter the results by","items":{},"type":"array"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"copyright":["Copyright (c) 2013-2018 Blaine Bublitz <blaine.bublitz@gmail.com>","Copyright (c) Eric Schoffstall <yo@contra.io> and other contributors"],"dependenciesWithIssues":["minimatch@2.0.10","minimatch@0.2.14"],"deprecatedVersions":["0.0.1","0.0.2","0.0.3"],"firstPublishedDate":"2025-08-15T13:51:54.387Z","id":"gulp@3.9.1","isDeprecated":false,"latestVersion":"4.0.0","latestVersionPublishedDate":"2025-08-15T13:51:54.387Z","licenses":[{"id":"snyk:lic:npm:gulp:MIT","license":"MIT","title":"MIT license"}],"name":"gulp","projects":[{"id":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","name":"atokeneduser/goof"}],"type":"npm","version":"3.9.1"}],"total":1}}},"schema":{"properties":{"results":{"description":"A list of issues","items":{"properties":{"copyright":{"description":"The copyright notices for the package","items":{},"type":"array"},"dependenciesWithIssues":{"description":"The identifiers of dependencies with issues that are depended upon as a result of this dependency","items":{},"type":"array"},"deprecatedVersions":{"description":"The numbers for those versions that are marked as 
deprecated","items":{},"type":"array"},"firstPublishedDate":{"description":"The timestamp for when the specified package was first published.","type":"string"},"id":{"description":"The identifier of the package","type":"string"},"isDeprecated":{"description":"True if the latest version of the package is marked as deprecated; False otherwise.","type":"boolean"},"issuesCritical":{"description":"The number of critical severity issues in this dependency","type":"number"},"issuesHigh":{"description":"The number of high severity issues in this dependency","type":"number"},"issuesLow":{"description":"The number of low severity issues in this dependency","type":"number"},"issuesMedium":{"description":"The number of medium severity issues in this dependency","type":"number"},"latestVersion":{"description":"The latest version available for the specified package","type":"string"},"latestVersionPublishedDate":{"description":"The timestamp for when the latest version of the specified package was published.","type":"string"},"licenses":{"description":"The licenses of the dependency","items":{"properties":{"id":{"description":"The identifier of the license","type":"string"},"license":{"description":"The type of the license","type":"string"},"title":{"description":"The title of the license","type":"string"}},"required":["id","title","license"],"type":"object"},"type":"array"},"name":{"description":"The name of the package","type":"string"},"projects":{"description":"The projects which depend on the dependency","items":{"properties":{"id":{"description":"The identifier of the project","type":"string"},"name":{"description":"The name of the project","type":"string"}},"required":["id","name"],"type":"object"},"type":"array"},"type":{"description":"The package type of the dependency","type":"string"},"version":{"description":"The version of the 
package","type":"string"}},"required":["id","name","version","type","licenses","projects"],"type":"object"},"type":"array"},"total":{"description":"The number of results returned","type":"number"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"List all dependencies","tags":["Dependencies"]}},"/org/{orgId}/entitlement/{entitlementKey}":{"get":{"description":"","operationId":"Get an organization's entitlement value","parameters":[{"description":"The organization ID to query the entitlement for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The entitlement to query.","example":"reports","in":"path","name":"entitlementKey","required":true,"schema":{"enum":["licenses","reports","fullVulnDB"],"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":true}}}},"description":"OK","headers":{}}},"summary":"Get an organization's entitlement value","tags":["Entitlements"]}},"/org/{orgId}/entitlements":{"get":{"description":"","operationId":"List all entitlements","parameters":[{"description":"The organization ID to list entitlements for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"fullVulnDB":false,"licenses":true,"reports":true}}}}},"description":"OK","headers":{}}},"summary":"List all entitlements","tags":["Entitlements"]}},"/org/{orgId}/integrations":{"get":{"description":"","operationId":"List","parameters":[{"description":"The organization public ID. 
The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"bitbucket-cloud":"6jje4c92-e7rn-t59a-f456-8n5675432fe9","github":"9a3e5d90-b782-468a-a042-9a2073736f0b","gitlab":"1b3e3d90-c678-347a-n232-6a3453738h1e"}}},"schema":{"properties":{},"type":"object"}}},"description":"OK","headers":{}}},"summary":"List","tags":["Integrations"]},"post":{"description":"Add new integration for given organization.","operationId":"Add new integration","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"example":{"credentials":{"token":"GITHUB_TOKEN"},"type":"github"},"properties":{"credentials":{"description":"credentials for given integration","oneOf":[{"properties":{"AcrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `name.azurecr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"ArtifactoryCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: 
`name.jfrog.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"AzureReposCredentials":{"properties":{"url":{"type":"string"},"username":{"type":"string"}},"required":["username","url"],"type":"object"}}},{"properties":{"BitbucketCloudCredentials":{"properties":{"password":{"type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"BitbucketServerCredentials":{"properties":{"password":{"type":"string"},"url":{"type":"string"},"username":{"type":"string"}},"required":["username","password","url"],"type":"object"}}},{"properties":{"DigitalOceanCrCredentials":{"properties":{"token":{"description":"Personal Access Token","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"DockerHubCredentials":{"properties":{"password":{"description":"Access Token","type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"EcrCredentials":{"properties":{"region":{"description":"e.g.: `eu-west-3`","type":"string"},"roleArn":{"description":"e.g.: `arn:aws:iam::<account-id>:role/<newRole>`","type":"string"}},"required":["region","roleArn"],"type":"object"}}},{"properties":{"GcrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `gcr.io`, `us.gcr.io`, `eu.gcr.io`, `asia.gcr.io`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"GitHubCredentials":{"properties":{"token":{"type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitHubCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: 
`ghcr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GitHubEnterpriseCredentials":{"properties":{"token":{"type":"string"},"url":{"type":"string"}},"required":["token","url"],"type":"object"}}},{"properties":{"GitLabCredentials":{"properties":{"token":{"type":"string"},"url":{"description":"for self-hosted GitLab only","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitLabCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.gitlab.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GoogleArtifactCrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `us-east1-docker.pkg.dev`, `europe-west1-docker.pkg.dev`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"HarborCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.harbor.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"NexusCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.nexus.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"QuayCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `quay.io`, `your.quay.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}}],"properties":{},"type":"object"},"type":{"description":"integration 
type","enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"}},"required":["type","credentials"],"type":"object"},{"example":{"broker":{"enabled":true},"type":"bitbucket-server"},"properties":{"broker":{"description":"brokered integration settings","properties":{"enabled":{"type":"boolean"}},"type":"object"},"type":{"description":"integration type","enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"}},"required":["type","broker"],"type":"object"}]}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"brokerToken":"4a18d42f-0706-4ad0-b127-24078731fbed","id":"9a3e5d90-b782-468a-a042-9a2073736f0b"}}}}},"description":"OK","headers":{}}},"summary":"Add new integration","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}":{"put":{"description":"+ Update integration's credentials for given organization. Integration must be **not brokered**\n\n+ Enable or disable brokered integration for given organization. *Credentials required for disabling brokered integration*\n\nExamples in right section:\n\n1. Set up a broker for an existing integration\n\n2. Update credentials for an existing non-brokered integration\n\n3. Disable broker for an existing integration","operationId":"Update existing integration","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The unique identifier for the configured integration. 
This can be found on the [Integration page in the Settings area](https://app.snyk.io/manage/integrations) for all integrations that have been configured.","example":"9a3e5d90-b782-468a-a042-9a2073736f0b","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"example":{"broker":{"enabled":true},"type":"github"},"properties":{"broker":{"description":"brokered integration settings","properties":{"enabled":{"type":"boolean"}},"type":"object"},"type":{"description":"integration type","enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"}},"required":["type","broker"],"type":"object"},{"example":{"credentials":{"token":"GITLAB_TOKEN"},"type":"gitlab"},"properties":{"credentials":{"description":"credentials for given integration","oneOf":[{"properties":{"AcrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `name.azurecr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"ArtifactoryCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: 
`name.jfrog.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"AzureReposCredentials":{"properties":{"url":{"type":"string"},"username":{"type":"string"}},"required":["username","url"],"type":"object"}}},{"properties":{"BitbucketCloudCredentials":{"properties":{"password":{"type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"BitbucketServerCredentials":{"properties":{"password":{"type":"string"},"url":{"type":"string"},"username":{"type":"string"}},"required":["username","password","url"],"type":"object"}}},{"properties":{"DigitalOceanCrCredentials":{"properties":{"token":{"description":"Personal Access Token","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"DockerHubCredentials":{"properties":{"password":{"description":"Access Token","type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"EcrCredentials":{"properties":{"region":{"description":"e.g.: `eu-west-3`","type":"string"},"roleArn":{"description":"e.g.: `arn:aws:iam::<account-id>:role/<newRole>`","type":"string"}},"required":["region","roleArn"],"type":"object"}}},{"properties":{"GcrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `gcr.io`, `us.gcr.io`, `eu.gcr.io`, `asia.gcr.io`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"GitHubCredentials":{"properties":{"token":{"type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitHubCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: 
`ghcr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GitHubEnterpriseCredentials":{"properties":{"token":{"type":"string"},"url":{"type":"string"}},"required":["token","url"],"type":"object"}}},{"properties":{"GitLabCredentials":{"properties":{"token":{"type":"string"},"url":{"description":"for self-hosted GitLab only","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitLabCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.gitlab.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GoogleArtifactCrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `us-east1-docker.pkg.dev`, `europe-west1-docker.pkg.dev`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"HarborCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.harbor.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"NexusCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.nexus.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"QuayCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `quay.io`, `your.quay.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}}],"properties":{},"type":"object"},"type":{"description":"integration 
type","enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"}},"required":["type","credentials"],"type":"object"},{"example":{"broker":{"enabled":false},"credentials":{"token":"GITHUB_TOKEN"},"type":"github"},"properties":{"broker":{"description":"brokered integration settings","properties":{"enabled":{"type":"boolean"}},"type":"object"},"credentials":{"description":"credentials for given integration","oneOf":[{"properties":{"AcrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `name.azurecr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"ArtifactoryCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `name.jfrog.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"AzureReposCredentials":{"properties":{"url":{"type":"string"},"username":{"type":"string"}},"required":["username","url"],"type":"object"}}},{"properties":{"BitbucketCloudCredentials":{"properties":{"password":{"type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"BitbucketServerCredentials":{"properties":{"password":{"type":"string"},"url":{"type":"string"},"username":{"type":"string"}},"required":["username","password","url"],"type":"object"}}},{"properties":{"DigitalOceanCrCredentials":{"properties":{"token":{"description":"Personal Access Token","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"DockerHubCredentials":{"properties":{"password":{"description":"Access 
Token","type":"string"},"username":{"type":"string"}},"required":["username","password"],"type":"object"}}},{"properties":{"EcrCredentials":{"properties":{"region":{"description":"e.g.: `eu-west-3`","type":"string"},"roleArn":{"description":"e.g.: `arn:aws:iam::<account-id>:role/<newRole>`","type":"string"}},"required":["region","roleArn"],"type":"object"}}},{"properties":{"GcrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `gcr.io`, `us.gcr.io`, `eu.gcr.io`, `asia.gcr.io`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"GitHubCredentials":{"properties":{"token":{"type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitHubCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `ghcr.io`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GitHubEnterpriseCredentials":{"properties":{"token":{"type":"string"},"url":{"type":"string"}},"required":["token","url"],"type":"object"}}},{"properties":{"GitLabCredentials":{"properties":{"token":{"type":"string"},"url":{"description":"for self-hosted GitLab only","type":"string"}},"required":["token"],"type":"object"}}},{"properties":{"GitLabCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.gitlab.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"GoogleArtifactCrCredentials":{"properties":{"password":{"description":"JSON key file","type":"string"},"registryBase":{"description":"e.g.: `us-east1-docker.pkg.dev`, `europe-west1-docker.pkg.dev`","type":"string"}},"required":["password","registryBase"],"type":"object"}}},{"properties":{"HarborCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: 
`your.harbor.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"NexusCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `your.nexus.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}},{"properties":{"QuayCrCredentials":{"properties":{"password":{"type":"string"},"registryBase":{"description":"e.g.: `quay.io`, `your.quay.host`","type":"string"},"username":{"type":"string"}},"required":["username","password","registryBase"],"type":"object"}}}],"properties":{},"type":"object"},"type":{"description":"integration type","enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"}},"required":["type","broker","credentials"],"type":"object"}]}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"id":"9a3e5d90-b782-468a-a042-9a2073736f0b"}}}}},"description":"OK","headers":{}}},"summary":"Update existing integration","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}/authentication":{"delete":{"description":"Removes any credentials set for this integration. If this is a brokered connection the operation will have no effect.","operationId":"Delete credentials","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The integration ID.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Delete credentials","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}/authentication/provision-token":{"post":{"description":"Issue a new and unique provisional broker token for the brokered integration.\n\nUsed for zero down-time token rotation with the Snyk Broker. Once provisioned, the token can be used to initialize a new broker client before using the switch API to update the token in use by the integration.\n\nThe new provisional token will fail to be created if the integration, or any other integration in the same group, already has one provisioned.","operationId":"Provision new broker token","parameters":[{"description":"The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"id":"9a3e5d90-b782-468a-a042-9a2073736f0b","provisionalBrokerToken":"4a18d42f-0706-4ad0-b127-24078731fbed"}}}}},"description":"OK","headers":{}}},"summary":"Provision new broker token","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}/authentication/switch-token":{"post":{"description":"Switch the existing broker token with the provisioned token for this integration and any other in the same group.\nOnly perform this action when you have a Broker client running with the provisioned 
token.\nThis action will fail if there is no token provisioned for this integration or any integration in the same group.","operationId":"Switch between broker tokens","parameters":[{"description":"The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Switch between broker tokens","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}/clone":{"post":{"description":"Clone an integration, including all of its settings and credentials from one organization to another organization in the same group.\nThis API supports both brokered and non-brokered integrations.\n\nUse this API for when you want to share a Broker token between several Snyk organizations (integrations).","operationId":"Clone an integration (with settings and credentials)","parameters":[{"description":"Source organization public ID to clone integration settings from. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Source integration public ID to clone.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"destinationOrgPublicId":"9a3e5d90-b782-468a-a042-9a2073736f0b1"},"properties":{"destinationOrgPublicId":{"description":"The organization public ID. 
The `API_KEY` must have access to this organization.","type":"string"}},"required":["destinationOrgPublicId"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"newIntegrationId":"9a3e5d90-b782-468a-a042-9a2073736f0b"}}}}},"description":"OK","headers":{}}},"summary":"Clone an integration (with settings and credentials)","tags":["Integrations"]}},"/org/{orgId}/integrations/{integrationId}/import":{"post":{"description":"","operationId":"Import targets","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The unique identifier for the configured integration. This can be found on the [Integration page in the Settings area](https://app.snyk.io/manage/integrations) for all integrations that have been configured.","example":"9a3e5d90-b782-468a-a042-9a2073736f0b","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"anyOf":[{"example":{"files":[{"path":"example/package.json"}],"target":{"branch":"main","name":"goof","owner":"org-security"}},"properties":{"exclusionGlobs":{"description":"a comma-separated list of up to 10 folder names to exclude from scanning (each folder name must not exceed 100 characters). If not specified, it will default to \"fixtures, tests, \\_\\_tests\\_\\_, node_modules\". If an empty string is provided - no folders will be excluded. 
This attribute is only respected with Open Source and Container scan targets.","type":"string"},"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"branch":{"description":"default branch of the repo (Please contact support if you want to import a non default repo branch)","type":"string"},"name":{"description":"name of the repo","type":"string"},"owner":{"description":"for Github: account owner of the repository; for Azure Repos, this is `Project ID`","type":"string"}},"required":["owner","name","branch"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":"example/package.json"}],"target":{"branch":"develop","id":11}},"properties":{"exclusionGlobs":{"description":"a comma-separated list of up to 10 folder names to exclude from scanning. If not specified, it will default to \"fixtures, tests, \\_\\_tests\\_\\_, node_modules\". If an empty string is provided - no folders will be excluded. This attribute is only respected with Open Source and Container scan targets.","type":"string"},"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"branch":{"description":"repo branch","type":"string"},"id":{"description":"id of the repo","type":"number"}},"required":["id","branch"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":"example/package.json"}],"target":{"name":"goof","owner":"org-security"}},"properties":{"exclusionGlobs":{"description":"a comma-separated list of up to 10 folder names to exclude from scanning (each folder name must not exceed 100 characters). If not specified, it will default to \"fixtures, tests, \\_\\_tests\\_\\_, node_modules\". If an empty string is provided - no folders will be excluded. 
This attribute is only respected with Open Source and Container scan targets.","type":"string"},"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"name":{"description":"name of the repo","type":"string"},"owner":{"description":"this is the `Workspace ID`","type":"string"}},"required":["owner","name"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":"example/package.json"}],"target":{"projectKey":"SNYK_REPOS","repoSlug":"test"}},"properties":{"exclusionGlobs":{"description":"a comma-separated list of up to 10 folder names to exclude from scanning. If not specified, it will default to \"fixtures, tests, \\_\\_tests\\_\\_, node_modules\". If an empty string is provided - no folders will be excluded. This attribute is only respected with Open Source and Container scan targets.","type":"string"},"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"branch":{"description":"target branch name","type":"string"},"name":{"description":"custom name for the project","type":"string"},"projectKey":{"description":"project key","type":"string"},"repoSlug":{"description":"slug of the repo","type":"string"}},"required":["projectKey","repoSlug"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":""}],"target":{"appId":"","slugId":""}},"properties":{"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"appId":{"description":"ID of the app","type":"string"},"slugId":{"description":"ID of the slug","type":"string"}},"required":["appId","slugId"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":""}],"target":{"functionId":""}},"properties":{"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"functionId":{"description":"ID of the 
app","type":"string"}},"required":["functionId"],"type":"object"}},"type":"object"},{"example":{"files":[{"path":""}],"target":{"appId":""}},"properties":{"files":{"description":"an array of file objects","items":{},"type":"array"},"target":{"properties":{"appId":{"description":"ID of the app","type":"string"}},"required":["appId"],"type":"object"}},"type":"object"},{"example":{"target":{"name":"organization/repository:tag"}},"properties":{"target":{"properties":{"name":{"description":"image name including tag prefixed by organization name","type":"string"}},"required":["name"],"type":"object"}},"type":"object"},{"example":{"target":{"name":"repository:tag"}},"properties":{"target":{"properties":{"name":{"description":"image name including tag","type":"string"}},"required":["name"],"type":"object"}},"type":"object"},{"example":{"target":{"name":"project/repository:tag"}},"properties":{"target":{"properties":{"name":{"description":"image name including tag prefixed by project id or project name","type":"string"}},"required":["name"],"type":"object"}},"type":"object"}]}}}},"responses":{"201":{"description":"Created","headers":{"Location":{"schema":{"type":"string"}}}}},"summary":"Import targets","tags":["Import Projects"]}},"/org/{orgId}/integrations/{integrationId}/import/{jobId}":{"get":{"description":"","operationId":"Get import job details","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The unique identifier for the configured integration. This can be found on the [Integration page in the Settings area](https://app.snyk.io/manage/integrations) for all integrations that have been configured.","example":"9a3e5d90-b782-468a-a042-9a2073736f0b","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}},{"description":"The ID of the job. 
This can be found in the Location response header from the corresponding POST request that triggered the import job.","example":"1a325d9d-b782-468a-a242-9a2073734f0b","in":"path","name":"jobId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"created":"2025-08-15T13:51:54.388Z","id":"dce061f7-ce0f-4ccf-b49b-4335d1205bd9","logs":[{"created":"2025-08-15T13:51:54.388Z","name":"org1/repo1","projects":[],"status":"failed"},{"created":"2025-08-15T13:51:54.388Z","name":"org2/repo2","projects":[{"projectUrl":"https://snyk.io/org/org-name/project/7eeaee25-5f9b-4d05-8818-4cca2c9d9adc","success":true,"targetFile":"package.json"}],"status":"complete"},{"created":"2025-08-15T13:51:54.388Z","name":"org3/repo3","projects":[{"projectUrl":"https://snyk.io/org/org-name/project/0382897c-0617-4429-86df-51187dfd42f6","success":true,"targetFile":"package.json"}],"status":"pending"}],"status":"pending"}}},"schema":{"properties":{"created":{"description":"the time when an import job was created represented as a [UTC (ISO-8601)](https://tools.ietf.org/html/rfc3339) string","type":"string"},"id":{"description":"A uuid representing the job's id","type":"string"},"logs":{"description":"all organizations imported by the job","items":{},"type":"array"},"status":{"description":"a string representing the status of a job.\n\nOne of: pending, failed, aborted or complete.","type":"string"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Get import job details","tags":["Import Projects"]}},"/org/{orgId}/integrations/{integrationId}/settings":{"get":{"description":"","operationId":"Retrieve","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The unique identifier for the configured integration. 
This can be found on the [Integration page in the Settings area](https://app.snyk.io/manage/integrations) for all integrations that have been configured.","example":"9a3e5d90-b782-468a-a042-9a2073736f0b","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"autoDepUpgradeEnabled":{"description":"Defines if the functionality is enabled","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"A list of strings defining what dependencies should be ignored","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"A limit on how many automatic dependency upgrade PRs can be opened simultaneously","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"dockerfileSCMEnabled":{"description":"If true, will automatically detect and scan Dockerfiles in your Git repositories, surface base image vulnerabilities and recommend possible fixes","type":"boolean"},"manualRemediationPrs":{"description":"Defines manual remediation policies","properties":{"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's 
project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If an opened PR should fail to be validated if any vulnerable dependencies have been detected","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If an opened PR only should fail its validation if any dependencies are marked as being of high severity","type":"boolean"},"pullRequestTestEnabled":{"description":"If opened PRs should be tested","type":"boolean"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Retrieve","tags":["Integrations"]},"put":{"description":"","operationId":"Update","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The unique identifier for the configured integration. 
This can be found on the [Integration page in the Settings area](https://app.snyk.io/manage/integrations) for all integrations that have been configured.","example":"9a3e5d90-b782-468a-a042-9a2073736f0b","in":"path","name":"integrationId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"autoDepUpgradeEnabled":false,"autoDepUpgradeIgnoredDependencies":[],"autoDepUpgradeLimit":2,"autoDepUpgradeMinAge":21,"autoRemediationPrs":{"backlogPrsEnabled":false,"freshPrsEnabled":true,"usePatchRemediation":false},"dockerfileSCMEnabled":true,"manualRemediationPrs":{"useManualPatchRemediation":false},"pullRequestAssignment":{"assignees":["username"],"enabled":true,"type":"manual"},"pullRequestFailOnAnyVulns":false,"pullRequestFailOnlyForHighSeverity":true,"pullRequestTestEnabled":true},"properties":{"autoDepUpgradeEnabled":{"description":"Defines if the functionality is enabled","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"A list of strings defining what dependencies should be ignored","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"A limit on how many automatic dependency upgrade PRs can be opened simultaneously","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"dockerfileSCMEnabled":{"description":"If true, will automatically detect and scan Dockerfiles in your Git repositories, surface base 
image vulnerabilities and recommend possible fixes","type":"boolean"},"manualRemediationPrs":{"description":"Defines manual remediation policies","properties":{"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If an opened PR should fail to be validated if any vulnerable dependencies have been detected","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If an opened PR only should fail its validation if any dependencies are marked as being of high severity","type":"boolean"},"pullRequestTestEnabled":{"description":"If opened PRs should be tested","type":"boolean"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"autoDepUpgradeEnabled":false,"autoDepUpgradeIgnoredDependencies":[],"autoDepUpgradeLimit":2,"autoDepUpgradeMinAge":21,"autoRemediationPrs":{"backlogPrsEnabled":false,"freshPrsEnabled":true,"usePatchRemediation":false},"dockerfileSCMEnabled":true,"manualRemediationPrs":{"useManualPatchRemediation":false},"pullRequestAssignment":{"assignees":["username"],"enabled":true,"type":"manual"},"pullRequestFailOnAnyVulns":false,"pullRequestFailOnlyForHighSeverity":true,"pullRequestTestEnabled":true}}},"schema":{"properties":{"autoDepUpgradeEnabled":{"description":"Defines if the functionality is enabled","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"A list of strings defining 
what dependencies should be ignored","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"A limit on how many automatic dependency upgrade PRs can be opened simultaneously","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"dockerfileSCMEnabled":{"description":"If true, will automatically detect and scan Dockerfiles in your Git repositories, surface base image vulnerabilities and recommend possible fixes","type":"boolean"},"manualRemediationPrs":{"description":"Defines manual remediation policies","properties":{"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If an opened PR should fail to be validated if any vulnerable dependencies have been detected","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If an opened PR only should fail its validation if any dependencies are marked 
as being of high severity","type":"boolean"},"pullRequestTestEnabled":{"description":"If opened PRs should be tested","type":"boolean"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Update","tags":["Integrations"]}},"/org/{orgId}/integrations/{type}":{"get":{"description":"","operationId":"Get existing integration by type","parameters":[{"description":"The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Integration type.","example":"github","in":"path","name":"type","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"id":"9a3e5d90-b782-468a-a042-9a2073736f0b"}}},"schema":{"properties":{"id":{"description":"Alphanumeric UUID including - with a limit of 36 characters","type":"string"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Get existing integration by type","tags":["Integrations"]}},"/org/{orgId}/invite":{"post":{"description":"","operationId":"Invite users","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"email":""},"properties":{"email":{"description":"The email of the user.","type":"string"},"isAdmin":{"description":"(optional) Set the role as admin.","type":"boolean"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Invite users","tags":["Organizations"]}},"/org/{orgId}/licenses":{"post":{"description":"","operationId":"List all licenses","parameters":[{"description":"The organization ID to list projects for. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The field to sort results by.","example":"license","in":"query","name":"sortBy","required":false,"schema":{"default":"license","enum":["license","dependencies","projects","severity"],"type":"string"}},{"description":"The direction to sort results by.","in":"query","name":"order","required":false,"schema":{"default":"asc","enum":["asc","desc"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"dependencies":[],"languages":["node","ruby","java"],"licenses":[],"projects":[],"severity":["none","high","medium","low"]}},"properties":{"filters":{"properties":{"dependencies":{"description":"The list of dependency IDs to filter the results by"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"licenses":{"description":"The list of license IDs to filter the results by"},"projects":{"description":"The list of project IDs to filter the results by"},"severity":{"description":"The severities to filter the results by","items":{},"type":"array"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"dependencies":[{"id":"accepts@1.0.0","name":"accepts","packageManager":"npm","version":"1.0.0"}],"id":"MIT","instructions":"","projects":[{"id":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","name":"atokeneduser/goof"}],"severity":"none"}],"total":1}}},"schema":{"properties":{"results":{"description":"A list of licenses","items":{"properties":{"dependencies":{"description":"The dependencies of projects in the organization which have the license","items":{"properties":{"id":{"description":"The identifier of the package","type":"string"},"name":{"description":"The name of the 
package","type":"string"},"packageManager":{"description":"The package manager of the dependency","type":"string"},"version":{"description":"The version of the package","type":"string"}},"required":["id","name","version","packageManager"],"type":"object"},"type":"array"},"id":{"description":"The identifier of the license","type":"string"},"instructions":{"description":"Custom instructions assigned to this license","type":"string"},"projects":{"description":"The projects which contain the license","items":{"properties":{"id":{"description":"The identifier of the project","type":"string"},"name":{"description":"The name of the project","type":"string"}},"required":["id","name"],"type":"object"},"type":"array"},"severity":{"description":"The severity assigned to this license","enum":["none","high","medium","low"],"type":"string"}},"required":["id","dependencies","projects"],"type":"object"},"type":"array"},"total":{"description":"The number of results returned","type":"number"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}}},"summary":"List all licenses","tags":["Licenses"]}},"/org/{orgId}/members":{"get":{"description":"","operationId":"List Members","parameters":[{"description":"The organization ID.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Include group administrators who also have access to this organization.","example":"true","in":"query","name":"includeGroupAdmins","required":false,"schema":{"default":"false","type":"boolean"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"email":"","id":"","name":"","role":"","username":""}]}},"schema":{"items":{},"type":"array"}}},"description":"OK","headers":{}}},"summary":"List Members","tags":["Organizations"]}},"/org/{orgId}/members/update/{userId}":{"put":{"description":"","operationId":"Update a member's role in the 
organization","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The user ID.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"userId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"rolePublicId":""},"properties":{"rolePublicId":{"description":"The new role public ID to update the user to.","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Update a member's role in the organization","tags":["Organizations"]}},"/org/{orgId}/members/{userId}":{"delete":{"description":"","operationId":"Remove a member from the organization","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The user ID we want to remove.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"userId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Remove a member from the organization","tags":["Organizations"]},"put":{"description":"","operationId":"Update a member in the organization","parameters":[{"description":"The organization ID. 
The `API_KEY` must have admin access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The user ID.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"userId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"role":""},"properties":{"role":{"description":"The new role of the user, \"admin\" or \"collaborator\".","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Update a member in the organization","tags":["Organizations"]}},"/org/{orgId}/notification-settings":{"get":{"description":"","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"new-issues-remediations":{"enabled":true,"inherited":false,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true,"inherited":false},"test-limit":{"enabled":true,"inherited":false},"weekly-report":{"enabled":true,"inherited":false}}}},"schema":{"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` 
notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Get organization notification settings","tags":["Organizations"]},"put":{"description":"","operationId":"Set notification settings","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Modify_organization_notification_settingsBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"new-issues-remediations":{"enabled":true,"inherited":false,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true,"inherited":false},"test-limit":{"enabled":true,"inherited":false},"weekly-report":{"enabled":true,"inherited":false}}}},"schema":{"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was 
found on the requested context directly or inherited from a parent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Set notification settings","tags":["Organizations"]}},"/org/{orgId}/project/{projectId}":{"delete":{"description":"","operationId":"Delete a project","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Delete a 
project","tags":["Projects"]},"get":{"description":"","operationId":"Retrieve a single project","parameters":[{"description":"The organization ID the project belongs to. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"attributes":{"criticality":["high"],"environment":["backend"],"lifecycle":["development"]},"branch":null,"browseUrl":"https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9","created":"2025-08-15T13:51:54.389Z","hostname":null,"id":"af137b96-6966-46c1-826b-2e79ac49bbd9","imageBaseImage":"alpine:3","imageCluster":"Production","imageId":"sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019","imagePlatform":"linux/arm64","imageTag":"latest","importingUser":{"email":"example-user@snyk.io","id":"e713cf94-bb02-4ea0-89d9-613cce0caed2","name":"example-user@snyk.io","username":"exampleUser"},"isMonitored":false,"issueCountsBySeverity":{"critical":3,"high":1,"low":13,"medium":8},"lastTestedDate":"2025-08-15T13:51:54.389Z","name":"snyk/goof","origin":"github","owner":null,"readOnly":false,"remediation":{"patch":{},"pin":{},"upgrade":{}},"remoteRepoUrl":"https://github.com/snyk/goof.git","tags":[{"key":"example-tag-key","value":"example-tag-value"}],"targetReference":null,"testFrequency":"daily","totalDependencies":42,"type":"maven"}}},"schema":{"properties":{"attributes":{"description":"Applied project attributes","properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"},"branch":{"description":"The monitored branch (if 
available)","nullable":true,"type":"string"},"browseUrl":{"description":"URL with project overview","type":"string"},"created":{"description":"The date that the project was created on","type":"string"},"hostname":{"description":"The hostname for a CLI project, null if not set","nullable":true,"type":"string"},"id":{"description":"The project identifier","type":"string"},"imageBaseImage":{"description":"For docker projects shows the base image","type":"string"},"imageCluster":{"description":"For Kubernetes projects shows the origin cluster name","type":"string"},"imageId":{"description":"For docker projects shows the ID of the image","type":"string"},"imagePlatform":{"description":"For docker projects shows the platform of the image","type":"string"},"imageTag":{"description":"For docker projects shows the tag of the image","type":"string"},"importingUser":{"description":"The user who imported the project","properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The ID of the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"},"isMonitored":{"description":"Describes if a project is currently monitored or it is de-activated","type":"boolean"},"issueCountsBySeverity":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"type":"object"},"lastTestedDate":{"description":"The date on which the most recent test was conducted for this project","type":"string"},"name":{"type":"string"},"origin":{"description":"The origin the 
project was added from","type":"string"},"owner":{"description":"The user who owns the project, null if not set\n\n{\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": \"example-user@snyk.io\"\n}","nullable":true,"properties":{},"type":"object"},"readOnly":{"description":"Whether the project is read-only","type":"boolean"},"remediation":{"description":"Remediation data (if available)","properties":{"patch":{"description":"Recommended patches to apply to the project\n\n(object)\n   paths (array) - List of paths to the vulnerable dependency that can be patched","properties":{},"type":"object"},"pin":{"description":"Recommended pins to apply to the project (Python only)\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade\n    + isTransitive (boolean) - Describes if the dependency to be pinned is a transitive dependency","properties":{},"type":"object"},"upgrade":{"description":"Recommended upgrades to apply to the project\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + upgrades (array[string], required) -  List of `package@version` that will be upgraded as part of this upgrade\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade","properties":{},"type":"object"}},"type":"object"},"remoteRepoUrl":{"description":"The project remote repository url. Only set for projects imported via the Snyk CLI tool.","type":"string"},"tags":{"description":"List of applied tags","items":{},"type":"array"},"targetReference":{"description":"The identifier for which revision of the resource is scanned by Snyk. 
For example this may be a branch for SCM project, or a tag for a container image","nullable":true,"type":"string"},"testFrequency":{"description":"The frequency of automated Snyk re-test. Can be 'daily', 'weekly' or 'never'","type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"},"type":{"description":"The package manager of the project","type":"string"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Retrieve a single project","tags":["Projects"]},"put":{"description":"","operationId":"Update a project","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"branch":"main","owner":{"id":"1acd4d09-5602-4d04-9640-045fe928aaea"}},"properties":{"branch":{"description":"The branch that this project should be monitoring","type":"string"},"owner":{"description":"Set to `null` to remove all ownership. 
User must be a member of the same organization as the project.","properties":{"id":{"description":"A user to assign as the project owner.","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"attributes":{"criticality":["high"],"environment":["backend"],"lifecycle":["development"]},"branch":null,"browseUrl":"https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9","created":"2025-08-15T13:51:54.389Z","hostname":null,"id":"af137b96-6966-46c1-826b-2e79ac49bbd9","imageBaseImage":"alpine:3","imageCluster":"Production","imageId":"sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019","imagePlatform":"linux/arm64","imageTag":"latest","importingUser":{"email":"example-user@snyk.io","id":"e713cf94-bb02-4ea0-89d9-613cce0caed2","name":"example-user@snyk.io","username":"exampleUser"},"isMonitored":false,"issueCountsBySeverity":{"critical":3,"high":1,"low":13,"medium":8},"lastTestedDate":"2025-08-15T13:51:54.389Z","name":"snyk/goof","origin":"github","owner":null,"readOnly":false,"remediation":{"patch":{},"pin":{},"upgrade":{}},"remoteRepoUrl":"https://github.com/snyk/goof.git","tags":[{"key":"example-tag-key","value":"example-tag-value"}],"targetReference":null,"testFrequency":"daily","totalDependencies":42,"type":"maven"}}},"schema":{"properties":{"attributes":{"description":"Applied project attributes","properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"},"branch":{"description":"The monitored branch (if available)","nullable":true,"type":"string"},"browseUrl":{"description":"URL with project overview","type":"string"},"created":{"description":"The date that the project was created on","type":"string"},"hostname":{"description":"The hostname for a CLI project, null if not 
set","nullable":true,"type":"string"},"id":{"description":"The project identifier","type":"string"},"imageBaseImage":{"description":"For docker projects shows the base image","type":"string"},"imageCluster":{"description":"For Kubernetes projects shows the origin cluster name","type":"string"},"imageId":{"description":"For docker projects shows the ID of the image","type":"string"},"imagePlatform":{"description":"For docker projects shows the platform of the image","type":"string"},"imageTag":{"description":"For docker projects shows the tag of the image","type":"string"},"importingUser":{"description":"The user who imported the project","properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The ID of the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"},"isMonitored":{"description":"Describes if a project is currently monitored or it is de-activated","type":"boolean"},"issueCountsBySeverity":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"type":"object"},"lastTestedDate":{"description":"The date on which the most recent test was conducted for this project","type":"string"},"name":{"type":"string"},"origin":{"description":"The origin the project was added from","type":"string"},"owner":{"description":"The user who owns the project, null if not set\n\n{\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": 
\"example-user@snyk.io\"\n}","nullable":true,"properties":{},"type":"object"},"readOnly":{"description":"Whether the project is read-only","type":"boolean"},"remediation":{"description":"Remediation data (if available)","properties":{"patch":{"description":"Recommended patches to apply to the project\n\n(object)\n   paths (array) - List of paths to the vulnerable dependency that can be patched","properties":{},"type":"object"},"pin":{"description":"Recommended pins to apply to the project (Python only)\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade\n    + isTransitive (boolean) - Describes if the dependency to be pinned is a transitive dependency","properties":{},"type":"object"},"upgrade":{"description":"Recommended upgrades to apply to the project\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + upgrades (array[string], required) -  List of `package@version` that will be upgraded as part of this upgrade\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade","properties":{},"type":"object"}},"type":"object"},"remoteRepoUrl":{"description":"The project remote repository url. Only set for projects imported via the Snyk CLI tool.","type":"string"},"tags":{"description":"List of applied tags","items":{},"type":"array"},"targetReference":{"description":"The identifier for which revision of the resource is scanned by Snyk. For example this may be a branch for SCM project, or a tag for a container image","nullable":true,"type":"string"},"testFrequency":{"description":"The frequency of automated Snyk re-test. 
Can be 'daily', 'weekly' or 'never'","type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"},"type":{"description":"The package manager of the project","type":"string"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Update a project","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/activate":{"post":{"description":"Activating a project will:\n\n- Add a repository webhook for supported integrations.\n\n- Enable pull request tests for new vulnerabilities.\n\n- Open Fix pull request for newly disclosed vulnerabilities.\n\n- Enable recurring tests, sending email alerts about newly disclosed vulnerabilities.","operationId":"Activate","parameters":[{"description":"The organization ID the project belongs to. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Activate","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/aggregated-issues":{"post":{"description":"","operationId":"List all Aggregated issues","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to return issues for.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/List_all_Aggregated_issuesBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"issues":[{"fixInfo":{"fixedIn":["2.0.0"],"isFixable":false,"isPartiallyFixable":false,"isPatchable":false,"isPinnable":false,"isUpgradable":false,"nearestFixedInVersion":"2.0.0"},"id":"npm:ms:20170412","ignoreReasons":[{"expires":"","reason":"","source":"cli"}],"introducedThrough":[{"data":{},"kind":"imageLayer"}],"isIgnored":false,"isPatched":false,"issueData":{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","credit":["Snyk Security Research Team"],"cvssScore":3.7,"description":"`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). 
The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms","disclosureTime":"2025-08-15T13:51:54.389Z","exploitMaturity":"no-known-exploit","id":"npm:ms:20170412","identifiers":{"CVE":[],"CWE":["CWE-400"],"OSVDB":[]},"isMaliciousPackage":true,"language":"js","nearestFixedInVersion":"2.0.0","originalSeverity":"high","patches":[{"comments":[],"id":"patch:npm:ms:20170412:0","modificationTime":"2025-08-15T13:51:54.389Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_100.patch"],"version":"=1.0.0"}],"path":"[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged","publicationTime":"2025-08-15T13:51:54.389Z","semver":{"unaffected":"","vulnerable":[">=0.7.1 <2.0.0"]},"severity":"low","title":"Regular Expression Denial of Service (ReDoS)","url":"https://snyk.io/vuln/npm:ms:20170412","violatedPolicyPublicId":"SNYK-CC-K8S-1"},"issueType":"vuln","links":{"paths":""},"pkgName":"ms","pkgVersions":["1.0.0"],"priority":{"factors":["name: `isFixable`","description: `Has a fix available`"],"score":399}}]}}},"schema":{"properties":{"issues":{"description":"An array of identified issues","items":{"properties":{"fixInfo":{"description":"Information about fix/upgrade/pinnable options for the issue (Non-IaC projects only)","properties":{"fixedIn":{"description":"The set of versions in which this issue has been fixed. If the issue spanned multiple versions (i.e. `1.x` and `2.x`) then there will be multiple `fixedIn` entries","items":{},"type":"array"},"isFixable":{"description":"Whether all of the issue's paths are fixable. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). 
An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPartiallyFixable":{"description":"Whether any of the issue's paths can be fixed. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPatchable":{"description":"Whether all of the issue's paths are patchable","type":"boolean"},"isPinnable":{"description":"Whether the issue can be fixed by pinning a transitive","type":"boolean"},"isUpgradable":{"description":"Whether all of the issue's paths are upgradable","type":"boolean"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. This is populated for container projects only.","type":"string"}},"type":"object"},"id":{"description":"The identifier of the issue","type":"string"},"ignoreReasons":{"description":"The list of reasons why the issue was ignored","items":{},"type":"array"},"introducedThrough":{"description":"The list of what introduced the issue (it is available only for container project with Dockerfile)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (Non-IaC projects only)","type":"boolean"},"issueData":{"additionalProperties":false,"description":"The details of the issue","properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (Non-IaC projects only)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue (Non-IaC projects only)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (Non-IaC 
projects only)","type":"number"},"description":{"type":"string"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the issue (Non-IaC projects only)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"isMaliciousPackage":{"description":"Whether the issue is intentional, indicating a malicious package","type":"boolean"},"language":{"description":"The language of the issue (Non-IaC projects only)","type":"string"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. This is populated for container projects only. (Non-IaC projects only)","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability database, before policies are applied","type":"string"},"patches":{"description":"A list of patches available for the given issue (Non-IaC projects only)","items":{},"type":"array"},"path":{"description":"Path to the resource property violating the policy within the scanned project. 
(IaC projects only)","type":"string"},"publicationTime":{"description":"The date that the vulnerability was first published by Snyk (Non-IaC projects only)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue (Non-IaC projects only)","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The ranges that are vulnerable to the issue. May be an array or a string.","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"violatedPolicyPublicId":{"description":"The ID of the violated policy in the issue (IaC projects only)","type":"string"}},"required":["id","title","severity","originalSeverity","url","description","identifiers","credit","exploitMaturity","semver","publicationTime","disclosureTime","CVSSv3","cvssScore","language","patches","nearestFixedInVersion","path","violatedPolicyPublicId","isMaliciousPackage"],"type":"object"},"issueType":{"description":"type of the issue ('vuln', 'license' or 'configuration')","type":"string"},"links":{"description":"Onward links from this record (Non-IaC projects only)","properties":{"paths":{"description":"The URL for the dependency paths that introduce this issue","type":"string"}},"type":"object"},"pkgName":{"description":"The package name (Non-IaC projects only)","type":"string"},"pkgVersions":{"description":"List of affected package versions (Non-IaC projects only)","items":{"type":"string"},"type":"array"},"priority":{"description":"Information about the priority of the issue (Non-IaC projects only)","properties":{"factors":{"description":"The list of factors that contributed to the priority of the 
issue","items":{},"type":"array"},"score":{"description":"The priority score of the issue","type":"number"}},"type":"object"}},"required":["id","issueType","pkgName","pkgVersions","issueData","isPatched","isIgnored"],"type":"object"},"type":"array"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"List all Aggregated issues","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/attributes":{"post":{"description":"Applies an attribute to the provided project.\nIt is possible to assign multiple values to each attribute, but you can only assign values to one of the predefined attribute categories, using the predefined options for this category.\nAssigning an attribute requires the caller to be either an Organization Administrator or a Group Administrator.\nAssigning an attribute will override any existing values that the specific attribute already has set.\nIn order to clear out an attribute value, an empty array can be set.","operationId":"Applying attributes","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to remove a tag from","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"criticality":["high"],"environment":["backend"],"lifecycle":["development"]},"properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"attributes":{"criticality":["high"],"environment":["backend"],"lifecycle":["development"]}}}},"schema":{"properties":{"attributes":{"description":"Attributes now applied to the project","properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Applying attributes","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/deactivate":{"post":{"description":"Deactivating a project will:\n\n- Disable pull request tests for new vulnerabilities.\n\n- Disable Fix pull request from being opened for newly disclosed vulnerabilities.\n\n- Disable recurring tests - email alerts about newly disclosed vulnerabilities will be turned off.\n\n- If the repository has no other active projects, then remove any webhooks related to the project.","operationId":"Deactivate","parameters":[{"description":"The organization ID the project belongs to. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Deactivate","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/dep-graph":{"get":{"description":"","operationId":"Get Project dependency graph","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to return issues for.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"depGraph":{"graph":{"nodes":[{"deps":[{"nodeId":"express@4.4.0"},{"nodeId":"ws@1.0.0"}],"nodeId":"root-node","pkgId":"demo-app-for-test@1.1.1"},{"deps":[],"nodeId":"express@4.4.0","pkgId":"express@4.4.0"},{"deps":[],"nodeId":"ws@1.0.0","pkgId":"ws@1.0.0"}],"rootNodeId":"root-node"},"pkgManager":{"name":"npm"},"pkgs":[{"id":"demo-app-for-test@1.1.1","info":{"name":"demo-app-for-test","version":"1.1.1"}},{"id":"express@4.4.0","info":{"name":"express","version":"4.4.0"}},{"id":"ws@1.0.0","info":{"name":"ws","version":"1.0.0"}}],"schemaVersion":"1.1.0"}}}},"schema":{"properties":{"depGraph":{"description":"The dependency-graph object","properties":{"graph":{"description":"A directional graph of the packages in the project","properties":{"nodes":{"description":"A list of the first-level packages","items":{"properties":{"deps":{"description":"A list of the direct dependencies of the 
package","items":{"properties":{"nodeId":{"description":"The id of the node","type":"string"}},"required":["nodeId"],"type":"object"},"type":"array"},"nodeId":{"description":"The internal id of the node","type":"string"},"pkgId":{"description":"The id of the package","type":"string"}},"required":["nodeId","pkgId","deps"],"type":"object"},"type":"array"},"rootNodeId":{"description":"The internal id of the root node","type":"string"}},"required":["rootNodeId"],"type":"object"},"pkgManager":{"description":"The package manager of the project","properties":{"name":{"description":"The name of the package manager","type":"string"},"repositories":{"items":{"properties":{"alias":{"type":"string"}},"required":["alias"],"type":"object"},"type":"array"},"version":{"description":"The version of the package manager","type":"string"}},"required":["name"],"type":"object"},"pkgs":{"description":"A list of dependencies in the project","items":{"properties":{"id":{"description":"The internal id of the package","type":"string"},"info":{"properties":{"name":{"description":"The name of the package","type":"string"},"version":{"description":"The version of the package","type":"string"}},"required":["name"],"type":"object"}},"required":["id","info"],"type":"object"},"type":"array"},"schemaVersion":{"description":"The schema version of the depGraph object","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"}},"required":["depGraph"],"type":"object"}}},"description":"* A reference implementation of the graph, as well as conversion functions to/from legacy tree format, can be found at: https://github.com/snyk/dep-graph.\n\n* The object might contain additional fields in the future, in a backward-compatible way (`schemaVersion` will change accordingly).","headers":{}}},"summary":"Get Project dependency graph","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/history":{"post":{"description":"","operationId":"List all project 
snapshots","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to return snapshots for.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"The number of results to return (the default is 10, the maximum is 100).","example":"10","in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"description":"The offset from which to start returning results from.","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"imageId":"sha256:a368cbcfa6789bc347345f6d78902afe138b62ff5373d2aa5f37120277c90a67"}},"properties":{"filters":{"properties":{"imageId":{"description":"For container projects, filter by the ID of the image","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; 
charset=utf-8":{"examples":{"response":{"value":{"snapshots":[{"baseImageName":"fedora:32","created":"2025-08-15T13:51:54.389Z","id":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","imageId":"sha256:a368cbcfa6789bc347345f6d78902afe138b62ff5373d2aa5f37120277c90a67","imagePlatform":"linux/amd64","imageTag":"latest","issueCounts":{"license":{"critical":0,"high":13,"low":8,"medium":15},"vuln":{"critical":0,"high":13,"low":8,"medium":15}},"method":"web-test","totalDependencies":438},{"baseImageName":"fedora:32","created":"2025-08-15T13:51:54.389Z","id":"6d5813be-7e6d-4ab8-80c2-1e3e2a454553","imageId":"sha256:a368cbcfa6789bc347345f6d78902afe138b62ff5373d2aa5f37120277c90a67","imagePlatform":"linux/amd64","imageTag":"latest","issueCounts":{"license":{"critical":0,"high":13,"low":8,"medium":15},"vuln":{"critical":0,"high":13,"low":8,"medium":15}},"method":"web-test","totalDependencies":438}],"total":2}}},"schema":{"properties":{"snapshots":{"description":"A list of the project's snapshots, ordered according to date (latest first).","items":{"properties":{"created":{"description":"The date that the snapshot was taken","type":"string"},"id":{"description":"The snapshot identifier","type":"string"},"imageBaseImage":{"type":"string"},"imageId":{"type":"string"},"imagePlatform":{"type":"string"},"imageTag":{"type":"string"},"issueCounts":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"license":{"properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"},"sast":{"properties":{"critical":{"description":"Number of critical severity 
vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"},"vuln":{"properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"}},"type":"object"},"method":{"description":"The method by which this snapshot was created.","enum":["api","cli","recurring","web","web-test","wizard"],"type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"}},"required":["id","created","totalDependencies","issueCounts"],"type":"object"},"type":"array"},"total":{"description":"The total number of results","type":"number"}},"type":"object"}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"List all project snapshots","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/history/{snapshotId}/aggregated-issues":{"post":{"description":"","operationId":"List all project snapshot aggregated issues","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"2d5c4d0c-c6d6-4658-a703-c2721c135b26","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"The snapshot ID. 
If set to latest, the most recent snapshot will be used.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454553","in":"path","name":"snapshotId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/List_all_Aggregated_issuesBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"issues":[{"fixInfo":{"fixedIn":["2.0.0"],"isFixable":false,"isPartiallyFixable":false,"isPatchable":false,"isPinnable":false,"isUpgradable":false,"nearestFixedInVersion":"2.0.0"},"id":"npm:ms:20170412","ignoreReasons":[{"expires":"","reason":"","source":"cli"}],"introducedThrough":[{"data":{},"kind":"imageLayer"}],"isIgnored":false,"isPatched":false,"issueData":{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","credit":["Snyk Security Research Team"],"cvssScore":3.7,"description":"`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). 
The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms","disclosureTime":"2025-08-15T13:51:54.390Z","exploitMaturity":"no-known-exploit","id":"npm:ms:20170412","identifiers":{"CVE":[],"CWE":["CWE-400"],"OSVDB":[]},"isMaliciousPackage":true,"language":"js","nearestFixedInVersion":"2.0.0","originalSeverity":"high","patches":[{"comments":[],"id":"patch:npm:ms:20170412:0","modificationTime":"2025-08-15T13:51:54.390Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_100.patch"],"version":"=1.0.0"}],"path":"[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged","publicationTime":"2025-08-15T13:51:54.390Z","semver":{"unaffected":"","vulnerable":[">=0.7.1 <2.0.0"]},"severity":"low","title":"Regular Expression Denial of Service (ReDoS)","url":"https://snyk.io/vuln/npm:ms:20170412","violatedPolicyPublicId":"SNYK-CC-K8S-1"},"issueType":"vuln","links":{"paths":""},"pkgName":"ms","pkgVersions":["1.0.0"],"priority":{"factors":["name: `isFixable`","description: `Has a fix available`"],"score":399}}]}}},"schema":{"properties":{"issues":{"description":"An array of identified issues","items":{"properties":{"fixInfo":{"description":"Information about fix/upgrade/pinnable options for the issue (Non-IaC projects only)","properties":{"fixedIn":{"description":"The set of versions in which this issue has been fixed. If the issue spanned multiple versions (i.e. `1.x` and `2.x`) then there will be multiple `fixedIn` entries","items":{},"type":"array"},"isFixable":{"description":"Whether all of the issue's paths are fixable. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). 
An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPartiallyFixable":{"description":"Whether any of the issue's paths can be fixed. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPatchable":{"description":"Whether all of the issue's paths are patchable","type":"boolean"},"isPinnable":{"description":"Whether the issue can be fixed by pinning a transitive","type":"boolean"},"isUpgradable":{"description":"Whether all of the issue's paths are upgradable","type":"boolean"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. This is populated for container projects only.","type":"string"}},"type":"object"},"id":{"description":"The identifier of the issue","type":"string"},"ignoreReasons":{"description":"The list of reasons why the issue was ignored","items":{},"type":"array"},"introducedThrough":{"description":"The list of what introduced the issue (it is available only for container project with Dockerfile)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (Non-IaC projects only)","type":"boolean"},"issueData":{"additionalProperties":false,"description":"The details of the issue","properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (Non-IaC projects only)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue (Non-IaC projects only)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (Non-IaC 
projects only)","type":"number"},"description":{"type":"string"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the issue (Non-IaC projects only)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"isMaliciousPackage":{"description":"Whether the issue is intentional, indicating a malicious package","type":"boolean"},"language":{"description":"The language of the issue (Non-IaC projects only)","type":"string"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. This is populated for container projects only. (Non-IaC projects only)","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability database, before policies are applied","type":"string"},"patches":{"description":"A list of patches available for the given issue (Non-IaC projects only)","items":{},"type":"array"},"path":{"description":"Path to the resource property violating the policy within the scanned project. 
(IaC projects only)","type":"string"},"publicationTime":{"description":"The date that the vulnerability was first published by Snyk (Non-IaC projects only)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue (Non-IaC projects only)","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The ranges that are vulnerable to the issue. May be an array or a string.","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"violatedPolicyPublicId":{"description":"The ID of the violated policy in the issue (IaC projects only)","type":"string"}},"required":["id","title","severity","originalSeverity","url","description","identifiers","credit","exploitMaturity","semver","publicationTime","disclosureTime","CVSSv3","cvssScore","language","patches","nearestFixedInVersion","path","violatedPolicyPublicId","isMaliciousPackage"],"type":"object"},"issueType":{"description":"type of the issue ('vuln', 'license' or 'configuration')","type":"string"},"links":{"description":"Onward links from this record (Non-IaC projects only)","properties":{"paths":{"description":"The URL for the dependency paths that introduce this issue","type":"string"}},"type":"object"},"pkgName":{"description":"The package name (Non-IaC projects only)","type":"string"},"pkgVersions":{"description":"List of affected package versions (Non-IaC projects only)","items":{"type":"string"},"type":"array"},"priority":{"description":"Information about the priority of the issue (Non-IaC projects only)","properties":{"factors":{"description":"The list of factors that contributed to the priority of the 
issue","items":{},"type":"array"},"score":{"description":"The priority score of the issue","type":"number"}},"type":"object"}},"required":["id","issueType","pkgName","pkgVersions","issueData","isPatched","isIgnored"],"type":"object"},"type":"array"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"List all project snapshot aggregated issues","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/history/{snapshotId}/issue/{issueId}/paths":{"get":{"description":"","operationId":"List all project snapshot issue paths","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID for which to return issue paths.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"The project snapshot ID for which to return issue paths. If set to `latest`, the most recent snapshot will be used. 
Use the \"List all project snapshots\" endpoint to find suitable values for this.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454553","in":"path","name":"snapshotId","required":true,"schema":{"type":"string"}},{"description":"The issue ID for which to return issue paths.","example":"SNYK-JS-LODASH-590103","in":"path","name":"issueId","required":true,"schema":{"type":"string"}},{"description":"The number of results to return per page (1 - 1000, inclusive).","example":"3","in":"query","name":"perPage","required":false,"schema":{"default":100,"type":"number"}},{"description":"The page of results to return.","example":"2","in":"query","name":"page","required":false,"schema":{"default":1,"type":"number"}}],"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"links":{"description":"Onward links from this record","properties":{"last":{"description":"The URL of the last page of paths for the issue","type":"string"},"next":{"description":"The URL of the next page of paths for the issue, if not on the last page","type":"string"},"prev":{"description":"The URL of the previous page of paths for the issue, if not on the first page","type":"string"}},"type":"object"},"paths":{"description":"A list of the dependency paths that introduce the issue","items":{"items":{"properties":{"fixVersion":{"description":"The version to upgrade the package to in order to resolve the issue. This will only appear on the first element of the path, and only if the issue can be fixed by upgrading packages. 
Note that if the fix requires upgrading transitive dependencies, `fixVersion` will be the same as `version`.","type":"string"},"name":{"description":"The package name","type":"string"},"version":{"description":"The package version","type":"string"}},"type":"object"},"type":"array"},"type":"array"},"snapshotId":{"description":"The identifier of the snapshot for which the paths have been found","type":"string"},"total":{"description":"The total number of results","type":"number"}},"type":"object"}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"List all project snapshot issue paths","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/ignore/{issueId}":{"delete":{"description":"","operationId":"Delete ignores","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"issueId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Delete ignores","tags":["Projects"]},"get":{"description":"","operationId":"Retrieve ignore","parameters":[{"description":"The organization ID to modify ignores for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to modify ignores for.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"The issue ID to modify ignores for. 
Can be a vulnerability or a license Issue.","example":"npm:qs:20140806-1","in":"path","name":"issueId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":true,"ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"No fix available","reasonType":"temporary-ignore"}}]}},"schema":{"$ref":"#/components/schemas/ignorePath"}}},"description":"OK","headers":{}}},"summary":"Retrieve ignore","tags":["Projects"]},"post":{"description":"","operationId":"Add ignore","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"issueId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"disregardIfFixable":false,"expires":"","ignorePath":"","reason":"","reasonType":"not-vulnerable"},"properties":{"disregardIfFixable":{"description":"Only ignore the issue if no upgrade or patch is available.","type":"boolean"},"expires":{"description":"The timestamp that the issue will no longer be ignored.","type":"string"},"ignorePath":{"description":"The path to ignore (default is `*` which represents all paths).","type":"string"},"reason":{"description":"The reason that the issue was ignored.","type":"string"},"reasonType":{"description":"The classification of the ignore.","enum":["not-vulnerable","wont-fix","temporary-ignore"],"type":"string"}},"required":["reasonType","disregardIfFixable"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; 
charset=utf-8":{"examples":{"response":{"value":{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":true,"ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"No fix available","reasonType":"temporary-ignore"}}}},"schema":{"$ref":"#/components/schemas/ignorePath"}}},"description":"OK","headers":{}}},"summary":"Add ignore","tags":["Projects"]},"put":{"description":"","operationId":"Replace ignores","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"issueId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":true,"ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"No fix available","reasonType":"temporary-ignore"}}]}},"schema":{"items":{},"type":"array"}}},"description":"OK","headers":{}}},"summary":"Replace ignores","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/ignores":{"get":{"description":"Temporary ignores include an `expires` attribute, while permanent ignores do not.","operationId":"List all ignores","parameters":[{"description":"The organization ID to list ignores for. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to list ignores for.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"npm:electron:20170426":[{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":false,"ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"Low impact","reasonType":"wont-fix"}}],"npm:negotiator:20160616":[{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":false,"ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"Not vulnerable via this path","reasonType":"not-vulnerable"}}],"npm:qs:20140806-1":[{"*":{"created":"2025-08-15T13:51:54.390Z","disregardIfFixable":true,"expires":"2025-08-15T13:51:54.390Z","ignoredBy":{"email":"jbloggs@gmail.com","id":"a3952187-0d8e-45d8-9aa2-036642857b4f","name":"Joe Bloggs"},"reason":"No fix available","reasonType":"temporary-ignore"}}]}}},"schema":{"$ref":"#/components/schemas/issueId"}}},"description":"OK","headers":{}}},"summary":"List all ignores","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/issue/{issueId}/jira-issue":{"post":{"description":"","operationId":"Create jira issue","parameters":[{"description":"The issue ID to create Jira issue for.","example":"npm:qs:20140806-1","in":"path","name":"issueId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically 
added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"fields":{"issuetype":{},"project":{},"summary":""}},"properties":{"fields":{"properties":{"issuetype":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","properties":{},"type":"object"},"project":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","properties":{},"type":"object"},"summary":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"jiraIssue":{"description":"The details about the jira issue.","properties":{"id":{"description":"The id of the issue in Jira.","type":"string"},"key":{"description":"The key of the issue in Jira.","type":"string"}},"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Create jira issue","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/issue/{issueId}/paths":{"get":{"description":"","operationId":"List all project issue paths","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID for which to return issue paths.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}},{"description":"The issue ID for which to return issue paths.","example":"SNYK-JS-LODASH-590103","in":"path","name":"issueId","required":true,"schema":{"type":"string"}},{"description":"The project snapshot ID for which to return issue paths. If set to `latest`, the most recent snapshot will be used. Use the \"List all project snapshots\" endpoint to find suitable values for this.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454553","in":"query","name":"snapshotId","required":false,"schema":{"default":"latest","type":"string"}},{"description":"The number of results to return per page (1 - 1000, inclusive).","example":"3","in":"query","name":"perPage","required":false,"schema":{"default":100,"type":"number"}},{"description":"The page of results to return.","example":"2","in":"query","name":"page","required":false,"schema":{"default":1,"type":"number"}}],"responses":{"200":{"content":{"*/*":{"schema":{"properties":{"links":{"description":"Onward links from this record","properties":{"last":{"description":"The URL of the last page of paths for the issue","type":"string"},"next":{"description":"The URL of the next page of paths for the issue, if not on the last page","type":"string"},"prev":{"description":"The URL of the previous page of paths for the issue, if not on the first page","type":"string"}},"type":"object"},"paths":{"description":"A list of the dependency paths that introduce the issue","items":{"items":{"properties":{"fixVersion":{"description":"The version to upgrade the package to in order to resolve the issue. 
This will only appear on the first element of the path, and only if the issue can be fixed by upgrading packages. Note that if the fix requires upgrading transitive dependencies, `fixVersion` will be the same as `version`.","type":"string"},"name":{"description":"The package name","type":"string"},"version":{"description":"The package version","type":"string"}},"type":"object"},"type":"array"},"type":"array"},"snapshotId":{"description":"The identifier of the snapshot for which the paths have been found","type":"string"},"total":{"description":"The total number of results","type":"number"}},"type":"object"}}},"description":"OK","headers":{"Link":{"schema":{"type":"string"}}}}},"summary":"List all project issue paths","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/jira-issues":{"get":{"description":"","operationId":"List all jira issues","parameters":[{"description":"The organization ID to list Jira issues for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to list Jira issues for.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"*/*":{"schema":{"$ref":"#/components/schemas/issueId"}}},"description":"OK","headers":{}}},"summary":"List all jira issues","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/move":{"put":{"description":"Note: when moving a project to a new organization, the historical data used for reporting does not move with it.","operationId":"Move project to a different organization","parameters":[{"description":"The organization ID to which the project belongs. The API_KEY must have group admin permissions. 
If the project is moved to a new group, a personal level API key is needed.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"targetOrgId":"4a18d42f-0706-4ad0-b127-24078731fbed"},"properties":{"targetOrgId":{"description":"The ID of the organization that the project should be moved to. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.","type":"string"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"destinationOrg":"4a18d42f-0706-4ad0-b127-24078731fbed","movedProject":"463c1ee5-31bc-428c-b451-b79a3270db08","originOrg":"4a18d42f-0706-4ad0-b127-24078731fbed"}}}}},"description":"OK","headers":{}}},"summary":"Move project to a different organization","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/settings":{"delete":{"description":"Deleting project settings will set the project to inherit default settings from its integration.","operationId":"Delete project settings","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"204":{"description":"No Content","headers":{}}},"summary":"Delete project settings","tags":["Projects"]},"get":{"description":"","operationId":"List project settings","parameters":[{"description":"The organization ID to which the project belongs. 
The API_KEY must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"autoDepUpgradeEnabled":false,"autoDepUpgradeIgnoredDependencies":["tap","ava"],"autoDepUpgradeLimit":2,"autoDepUpgradeMinAge":21,"autoRemediationPrs":{"backlogPrsEnabled":false,"freshPrsEnabled":true,"usePatchRemediation":true},"pullRequestAssignment":{"assignees":["username"],"enabled":true,"type":"manual"},"pullRequestFailOnAnyVulns":false,"pullRequestFailOnlyForHighSeverity":true,"pullRequestTestEnabled":true}}},"schema":{"properties":{"autoDepUpgradeEnabled":{"description":"If set to `true`, Snyk will raise dependency upgrade PRs automatically.","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"The limit on auto dependency upgrade PRs.","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull 
requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If set to `true`, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If set to `true`, fail Snyk Test only for high and critical severity vulnerabilities","type":"boolean"},"pullRequestTestEnabled":{"description":"If set to `true`, Snyk Test checks PRs for vulnerabilities.","type":"boolean"}},"type":"object"}}},"description":"The response will contain only attributes that can be updated (see `ATTRIBUTES` section in `Update project settings`) and that have been previously set.","headers":{}}},"summary":"List project settings","tags":["Projects"]},"put":{"description":"","operationId":"Update project settings","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically
added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"autoDepUpgradeEnabled":false,"autoDepUpgradeIgnoredDependencies":["tap","ava"],"autoDepUpgradeLimit":2,"autoDepUpgradeMinAge":21,"autoRemediationPrs":{"backlogPrsEnabled":false,"freshPrsEnabled":true,"usePatchRemediation":false},"pullRequestAssignment":{"assignees":["username"],"enabled":true,"type":"manual"},"pullRequestFailOnAnyVulns":false,"pullRequestFailOnlyForHighSeverity":true,"pullRequestTestEnabled":true},"properties":{"autoDepUpgradeEnabled":{"description":"If set to `true`, Snyk will raise dependency upgrade PRs automatically.","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"The limit on auto dependency upgrade PRs.","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of 
assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If set to `true`, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If set to `true`, fail Snyk Test only for high and critical severity vulnerabilities","type":"boolean"},"pullRequestTestEnabled":{"description":"If set to `true`, Snyk Test checks PRs for vulnerabilities.","type":"boolean"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"autoDepUpgradeEnabled":false,"autoDepUpgradeIgnoredDependencies":["tap","ava"],"autoDepUpgradeLimit":2,"autoDepUpgradeMinAge":21,"autoRemediationPrs":{"backlogPrsEnabled":false,"freshPrsEnabled":true,"usePatchRemediation":false},"pullRequestAssignment":{"assignees":["username"],"enabled":true,"type":"manual"},"pullRequestFailOnAnyVulns":false,"pullRequestFailOnlyForHighSeverity":true,"pullRequestTestEnabled":true}}},"schema":{"properties":{"autoDepUpgradeEnabled":{"description":"If set to `true`, Snyk will raise dependency upgrade PRs automatically.","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"The limit on auto dependency upgrade PRs.","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic
remediation of prioritized backlog issues","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"description":"assign Snyk pull requests","properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"description":"a string representing the type of assignment your projects require.","enum":["auto","manual"],"type":"string"}},"type":"object"},"pullRequestFailOnAnyVulns":{"description":"If set to `true`, fail Snyk Test if the repo has any vulnerabilities. Otherwise, fail only when the PR is adding a vulnerable dependency.","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If set to `true`, fail Snyk Test only for high and critical severity vulnerabilities","type":"boolean"},"pullRequestTestEnabled":{"description":"If set to `true`, Snyk Test checks PRs for vulnerabilities.","type":"boolean"}},"type":"object"}}},"description":"The response will contain the attributes and values that have been sent in the request and successfully updated.","headers":{}}},"summary":"Update project settings","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/tags":{"post":{"description":"","operationId":"Add a tag to a project","parameters":[{"description":"The organization ID.
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to apply the tag to","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Add_a_tag_to_a_projectBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"tags":[{"key":"example-tag-key","value":"example-tag-value"}]}}},"schema":{"properties":{"tags":{"description":"Tags now applied to the project","items":{},"type":"array"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Add a tag to a project","tags":["Projects"]}},"/org/{orgId}/project/{projectId}/tags/remove":{"post":{"description":"","operationId":"Remove a tag from a project","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to remove a tag from","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Add_a_tag_to_a_projectBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"tags":[{"key":"example-tag-key","value":"example-tag-value"}]}}},"schema":{"properties":{"tags":{"description":"Tags now applied to the project","items":{},"type":"array"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Remove a tag from a project","tags":["Projects"]}},"/org/{orgId}/projects":{"post":{"description":"","operationId":"List all projects","parameters":[{"description":"The organization ID to list projects for. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"attributes":{"criticality":["high"],"environment":["backend"],"lifecycle":["development"]},"name":"snyk/goof","origin":"github","tags":{"includes":[{"key":"example-tag-key","value":"example-tag-value"}]},"type":"maven"}},"properties":{"filters":{"properties":{"attributes":{"description":"When you filter by multiple values on a single attribute, you will return projects that have been assigned one or more of the values in the filter.\n\nWhen you filter by multiple attributes, you will return projects which have been assigned values of both attributes in the filter.","properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"},"isMonitored":{"description":"If set to `true`, only include projects which are monitored, if set to `false`, only include projects which are not monitored","type":"boolean"},"name":{"description":"If supplied, only projects that have a name that **starts with** this value will be returned","type":"string"},"origin":{"description":"If supplied, only projects that exactly match this origin will be returned","type":"string"},"tags":{"properties":{"includes":{"description":"A project must have all provided tags in order to be included in the response. 
A maximum of 3 tags can be supplied.","items":{},"type":"array"}},"type":"object"},"type":{"description":"If supplied, only projects that exactly match this type will be returned","type":"string"}},"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"defaultOrg"},"projects":[{"branch":"master","created":"2025-08-15T13:51:54.395Z","id":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","importingUser":{"email":"example-user@snyk.io","id":"e713cf94-bb02-4ea0-89d9-613cce0caed2","name":"example-user@snyk.io","username":"exampleUser"},"isMonitored":true,"issueCountsBySeverity":{"critical":3,"high":10,"low":8,"medium":15},"lastTestedDate":"2025-08-15T13:51:54.395Z","name":"atokeneduser/goof","origin":"cli","owner":{"email":"example-user@snyk.io","id":"e713cf94-bb02-4ea0-89d9-613cce0caed2","name":"example-user@snyk.io","username":"exampleUser"},"readOnly":false,"remoteRepoUrl":"https://github.com/snyk/goof.git","tags":[{"key":"example-tag-key","value":"example-tag-value"}],"targetReference":"master","testFrequency":"daily","totalDependencies":438,"type":"npm"},{"branch":"master","created":"2025-08-15T13:51:54.395Z","id":"af127b96-6966-46c1-826b-2e79ac49bbd9","importingUser":{"email":"example-user@snyk.io","id":"e713cf94-bb02-4ea0-89d9-613cce0caed2","name":"example-user@snyk.io","username":"exampleUser"},"isMonitored":false,"issueCountsBySeverity":{"critical":10,"high":3,"low":8,"medium":21},"lastTestedDate":"2025-08-15T13:51:54.395Z","name":"atokeneduser/clojure","origin":"github","owner":{"email":"example-user2@snyk.io","id":"42ce0e0f-6288-4874-9266-ef799e7f31bb","name":"example-user2@snyk.io","username":"exampleUser2"},"readOnly":false,"remoteRepoUrl":"https://github.com/clojure/clojure.git","tags":[{"key":"example-tag-key","value":"example-tag-value"}],"targetReference":"master","testFrequency":"daily","totalDependencies":42,"type":"maven"},
{"branch":"master","created":"2025-08-15T13:51:54.395Z","id":"f6c8339d-57e1-4d64-90c1-81af0e811f7e","imageId":"sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019","imageTag":"latest","importingUser":null,"isMonitored":false,"issueCountsBySeverity":{"critical":0,"high":0,"low":0,"medium":0},"lastTestedDate":"2025-08-15T13:51:54.395Z","name":"docker-image|alpine","origin":"cli","owner":null,"readOnly":false,"tags":[{"key":"example-tag-key","value":"example-tag-value"}],"targetReference":"master","testFrequency":"daily","totalDependencies":14,"type":"apk"}]}}},"schema":{"properties":{"org":{"properties":{"id":{"description":"The identifier of the org","type":"string"},"name":{"type":"string"}},"type":"object"},"projects":{"description":"A list of org's projects","items":{"properties":{"attributes":{"description":"Applied project attributes","properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"},"branch":{"description":"The monitored branch (if available)","nullable":true,"type":"string"},"browseUrl":{"description":"URL with project overview","type":"string"},"created":{"description":"The date that the project was created on","type":"string"},"id":{"description":"The project identifier","type":"string"},"imageBaseImage":{"description":"For docker projects shows the base image","type":"string"},"imageCluster":{"description":"For Kubernetes projects shows the origin cluster name","type":"string"},"imageId":{"description":"For docker projects shows the ID of the image","type":"string"},"imagePlatform":{"description":"For docker projects shows the platform of the image","type":"string"},"imageTag":{"description":"For docker projects shows the tag of the image","type":"string"},"importingUser":{"description":"The user who imported the project","properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The ID of 
the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"},"isMonitored":{"description":"Describes if a project is currently monitored or it is de-activated","type":"boolean"},"issueCountsBySeverity":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"type":"object"},"lastTestedDate":{"description":"The date on which the most recent test was conducted for this project","type":"string"},"name":{"type":"string"},"origin":{"description":"The origin the project was added from","type":"string"},"owner":{"description":"The user who owns the project, null if not set\n\n{\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": \"example-user@snyk.io\"\n}","nullable":true,"properties":{},"type":"object"},"readOnly":{"description":"Whether the project is read-only","type":"boolean"},"remoteRepoUrl":{"description":"The project remote repository url. Only set for projects imported via the Snyk CLI tool.","type":"string"},"tags":{"description":"List of applied tags","items":{},"type":"array"},"targetReference":{"description":"The identifier for which revision of the resource is scanned by Snyk. For example this may be a branch for SCM project, or a tag for a container image","nullable":true,"type":"string"},"testFrequency":{"description":"The frequency of automated Snyk re-test. 
Can be 'daily', 'weekly' or 'never'","type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"},"type":{"description":"The package manager of the project","type":"string"}},"type":"object"},"type":"array"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"List all projects","tags":["Projects"]}},"/org/{orgId}/provision":{"delete":{"description":"","operationId":"Delete pending user provision","parameters":[{"description":"The organization ID.","example":"25065eb1-109c-4c3e-9503-68fc56ef6f44","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"ok":false}}},"schema":{"properties":{"ok":{"description":"Deletion succeeded.","type":"boolean"}},"type":"object"}}},"description":"OK","headers":{}},"403":{"description":"Provided `API_KEY` has no user provision permission or does not have permissions in role being provisioned.","headers":{}}},"summary":"Delete pending user provision","tags":["Organizations"]},"get":{"description":"","operationId":"List pending user provisions","parameters":[{"description":"The organization ID.","example":"25065eb1-109c-4c3e-9503-68fc56ef6f44","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":[{"created":"","email":"","role":"","rolePublicId":""}]}},"schema":{"items":{},"type":"array"}}},"description":"OK","headers":{}},"403":{"description":"Provided `API_KEY` has no user provision permission or does not have permissions in role being provisioned.","headers":{}}},"summary":"List pending user provisions","tags":["Organizations"]},"post":{"description":"","operationId":"Provision a user to the organization","parameters":[{"description":"The organization ID. 
The `API_KEY` must not exceed the permissions being granted to the provisioned user.","example":"25065eb1-109c-4c3e-9503-68fc56ef6f44","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"email":"","role":"","rolePublicId":""},"properties":{"email":{"description":"The email of the user.","type":"string"},"role":{"description":"Deprecated. Name of the role to grant this user. Must be one of `ADMIN`, `COLLABORATOR`, or `RESTRICTED_COLLABORATOR`. This field is invalid if `rolePublicId` is supplied with the request.","type":"string"},"rolePublicId":{"description":"ID of the role to grant this user.","type":"string"}},"required":["email"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"created":"","email":"","role":"","rolePublicId":""}}},"schema":{"properties":{"created":{"description":"Timestamp of when this provision record was created.","type":"string"},"email":{"description":"The email of the user.","type":"string"},"role":{"description":"Name of the role granted for this user.","type":"string"},"rolePublicId":{"description":"ID of the role granted for this user.","type":"string"}},"type":"object"}}},"description":"OK","headers":{}},"403":{"description":"Provided `API_KEY` has no user provision permission or does not have permissions in role being provisioned.","headers":{}}},"summary":"Provision a user to the organization","tags":["Organizations"]}},"/org/{orgId}/settings":{"get":{"description":"","operationId":"View organization settings","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"25065eb1-109c-4c3e-9503-68fc56ef6f44","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"requestAccess":{"enabled":true}}}},"schema":{"properties":{"requestAccess":{"description":"Will only be returned if `API_KEY` has read access to request access settings.","properties":{"enabled":{"description":"Whether requesting access to the organization is enabled.","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"View organization settings","tags":["Organizations"]},"put":{"description":"Settings that are not provided will not be modified.","operationId":"Update organization settings","parameters":[{"description":"The organization ID. The `API_KEY` must have admin access to this organization.","example":"25065eb1-109c-4c3e-9503-68fc56ef6f44","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"requestAccess":{"enabled":true}},"properties":{"requestAccess":{"description":"Can only be updated if `API_KEY` has edit access to request access settings.","properties":{"enabled":{"description":"Whether requesting access to the organization is enabled.","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"requestAccess":{"enabled":true}}}},"schema":{"properties":{"requestAccess":{"description":"Will only be returned if `API_KEY` has read access to request access settings.","properties":{"enabled":{"description":"Whether requesting access to the organization is enabled.","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}},"403":{"description":"If provided a 
setting that the `API_KEY` has no edit permission for.","headers":{}}},"summary":"Update organization settings","tags":["Organizations"]}},"/org/{orgId}/webhooks":{"get":{"description":"","operationId":"List webhooks","parameters":[{"description":"The organization ID to list projects for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"List webhooks","tags":["Webhooks"]},"post":{"description":"","operationId":"Create a webhook","parameters":[{"description":"The organization ID to list projects for. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"properties":{"secret":{"description":"This is a password you create, that Snyk uses to sign our transports to you, so you can be sure the notification is authentic. Your `secret` should: Be a random string with high entropy; Not be used for anything else; Be known only to Snyk and your webhook transport consuming code;","type":"string"},"url":{"description":"Webhooks can only be configured for URLs using the `https` protocol. 
`http` is not allowed.","type":"string"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Create a webhook","tags":["Webhooks"]}},"/org/{orgId}/webhooks/{webhookId}":{"delete":{"description":"","operationId":"Delete a webhook","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically added","in":"path","name":"webhookId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Delete a webhook","tags":["Webhooks"]},"get":{"description":"","operationId":"Retrieve a webhook","parameters":[{"description":"The organization ID the project belongs to. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The webhook ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"webhookId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Retrieve a webhook","tags":["Webhooks"]}},"/org/{orgId}/webhooks/{webhookId}/ping":{"post":{"description":"","operationId":"Ping a webhook","parameters":[{"description":"The organization ID the project belongs to. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The webhook ID.","example":"463c1ee5-31bc-428c-b451-b79a3270db08","in":"path","name":"webhookId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","headers":{}}},"summary":"Ping a webhook","tags":["Webhooks"]}},"/orgs":{"get":{"description":"","operationId":"List all the organizations a user belongs to","responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"orgs":[{"group":null,"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"defaultOrg","slug":"default-org","url":"https://api.snyk.io/org/default-org"},{"group":{"id":"a060a49f-636e-480f-9e14-38e773b2a97f","name":"ACME Inc."},"id":"a04d9cbd-ae6e-44af-b573-0556b0ad4bd2","name":"My Other Org","slug":"my-other-org","url":"https://api.snyk.io/org/my-other-org"}]}}}}},"description":"OK","headers":{}}},"summary":"List all the organizations a user belongs to","tags":["Organizations"]}},"/reporting/counts/issues":{"post":{"description":"","operationId":"Get issue counts","parameters":[{"description":"The date you wish to fetch results from, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"from","required":true,"schema":{"type":"string"}},{"description":"The date you wish to fetch results until, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"to","required":true,"schema":{"type":"string"}},{"description":"The field to group results by","example":"severity","in":"query","name":"groupBy","required":false,"schema":{"enum":["severity","fixable","project,[severity|fixable]"],"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Get_latest_issue_countsBody"},"responses":{"200":{"content":{"application/json; 
charset=utf-8":{"examples":{"response":{"value":{"results":[{"count":0,"day":"2025-08-15T13:51:54.395Z","severity":{"critical":0,"high":0,"low":0,"medium":0}},{"count":0,"day":"2025-08-15T13:51:54.395Z","severity":{"critical":0,"high":0,"low":0,"medium":0}},{"count":0,"day":"2025-08-15T13:51:54.395Z","severity":{"critical":0,"high":0,"low":0,"medium":0}}]}}},"schema":{"properties":{"results":{"description":"A list of issue counts by day","items":{"properties":{"count":{"description":"The number of issues","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"},"fixable":{"properties":{"false":{"description":"The number of non-fixable issues","type":"number"},"true":{"description":"The number of fixable issues","type":"number"}},"type":"object"},"severity":{"properties":{"critical":{"description":"The number of critical severity issues","type":"number"},"high":{"description":"The number of high severity issues","type":"number"},"low":{"description":"The number of low severity issues","type":"number"},"medium":{"description":"The number of medium severity issues","type":"number"}},"type":"object"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.types is an invalid type unsupported-type"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get issue 
counts","tags":["Reporting API"]}},"/reporting/counts/issues/latest":{"post":{"description":"","operationId":"Get latest issue counts","parameters":[{"description":"The field to group results by","example":"severity","in":"query","name":"groupBy","required":false,"schema":{"enum":["severity","fixable","project,[severity|fixable]"],"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Get_latest_issue_countsBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"schema":{"properties":{"results":{"description":"A list of issue counts by day","items":{"properties":{"count":{"description":"The number of issues","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"},"fixable":{"properties":{"false":{"description":"The number of non-fixable issues","type":"number"},"true":{"description":"The number of fixable issues","type":"number"}},"type":"object"},"severity":{"properties":{"critical":{"description":"The number of critical severity issues","type":"number"},"high":{"description":"The number of high severity issues","type":"number"},"low":{"description":"The number of low severity issues","type":"number"},"medium":{"description":"The number of medium severity issues","type":"number"}},"type":"object"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.types is an invalid type unsupported-type"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the 
error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get latest issue counts","tags":["Reporting API"]}},"/reporting/counts/projects":{"post":{"description":"","operationId":"Get project counts","parameters":[{"description":"The date you wish to fetch results from, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"from","required":true,"schema":{"type":"string"}},{"description":"The date you wish to fetch results until, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"to","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Get_latest_project_countsBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"count":0,"day":"2025-08-15T13:51:54.395Z"},{"count":0,"day":"2025-08-15T13:51:54.395Z"},{"count":0,"day":"2025-08-15T13:51:54.395Z"}]}}},"schema":{"properties":{"results":{"description":"A list of project counts by day","items":{"properties":{"count":{"description":"The number of projects","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.projects is an invalid project unsupported-project"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the 
error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get project counts","tags":["Reporting API"]}},"/reporting/counts/projects/latest":{"post":{"description":"","operationId":"Get latest project counts","requestBody":{"$ref":"#/components/requestBodies/Get_latest_project_countsBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"count":0,"day":"2025-08-15T13:51:54.395Z"}]}}},"schema":{"properties":{"results":{"description":"A list of project counts by day","items":{"properties":{"count":{"description":"The number of projects","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.projects is an invalid project unsupported-project"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get latest project counts","tags":["Reporting API"]}},"/reporting/counts/tests":{"post":{"description":"","operationId":"Get test counts","parameters":[{"description":"The date you wish to count tests from, in the format 
`YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"from","required":true,"schema":{"type":"string"}},{"description":"The date you wish to count tests until, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"to","required":true,"schema":{"type":"string"}},{"description":"The field to group results by","example":"isPrivate","in":"query","name":"groupBy","required":false,"schema":{"enum":["isPrivate","issuesPrevented"],"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"filters":{"isPrivate":false,"issuesPrevented":false,"orgs":[],"projects":[]}},"properties":{"filters":{"properties":{"isPrivate":{"description":"If set to `true`, only include tests which were conducted against private projects, if set to `false` only include tests which were conducted against public projects","type":"boolean"},"issuesPrevented":{"description":"If set to `true`, only include tests which prevented issues from being introduced, if set to `false` only include tests which did not prevent issues from being introduced","type":"boolean"},"orgs":{"description":"The list of org IDs to filter the results by"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000"}},"required":["orgs"],"type":"object"}},"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"count":0,"isPrivate":{"false":0,"true":0}}]}}},"schema":{"properties":{"results":{"description":"A list of test counts","items":{"properties":{"count":{"description":"The number of tests conducted","type":"number"},"isPrivate":{"properties":{"false":{"description":"The number of tests conducted against public projects","type":"number"},"true":{"description":"The number of tests conducted against private projects","type":"number"}},"type":"object"},"issuesPrevented":{"properties":{"false":{"description":"The number of tests that did 
not prevent issues from being introduced","type":"number"},"true":{"description":"The number of tests that prevented issues from being introduced","type":"number"}},"type":"object"}},"required":["count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.isPrivate is not a Boolean"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get test counts","tags":["Reporting API"]}},"/reporting/issues/":{"post":{"description":"","operationId":"Get list of issues","parameters":[{"description":"The date you wish to fetch results from, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"from","required":true,"schema":{"type":"string"}},{"description":"The date you wish to fetch results until, in the format `YYYY-MM-DD`","example":"2025-08-15T13:51:54.395Z","in":"query","name":"to","required":true,"schema":{"type":"string"}},{"description":"The page of results to request","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}},{"description":"The number of results to return per page (Maximum: 1000)","example":"100","in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"description":"The key to sort results 
by","example":"issueTitle","in":"query","name":"sortBy","required":false,"schema":{"enum":["severity","issueTitle","projectName","isFixed","isPatched","isIgnored","introducedDate","isUpgradable","isPatchable","priorityScore"],"type":"string"}},{"description":"The direction to sort results.","example":"asc","in":"query","name":"order","required":false,"schema":{"type":"string"}},{"description":"Set to issue to group the same issue in multiple projects","example":"issue","in":"query","name":"groupBy","required":false,"schema":{"enum":["issue"],"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Get_list_of_latest_issuesBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"fixedDate":"","introducedDate":"","isFixed":false,"issue":{"CVSSv3":"","credit":[],"cvssScore":0,"disclosureTime":"","exploitMaturity":"","id":"","identifiers":{"CVE":[],"CWE":[],"OSVDB":[]},"ignored":[{"expires":"","reason":"","source":"cli"}],"isIgnored":false,"isPatchable":false,"isPatched":false,"isPinnable":false,"isUpgradable":false,"jiraIssueUrl":"","language":"","originalSeverity":"","package":"","packageManager":"","patches":[{"comments":[],"id":"","modificationTime":"","urls":[],"version":""}],"priorityScore":0,"publicationTime":"","semver":{"unaffected":"","vulnerable":[]},"severity":"","title":"","type":"","uniqueSeveritiesList":[],"url":"","version":""},"patchedDate":"","projects":[{"id":"","name":"","packageManager":"","source":"","targetFile":"","url":""}]}],"total":0}}},"schema":{"properties":{"results":{"description":"A list of issues","items":{"oneOf":[{"properties":{"projects":{"description":"When `groupBy` is used, multiple projects may be returned per issue","items":{},"type":"array"}},"required":["projects"]},{"properties":{"project":{"description":"When no `groupBy` is used, a single project is returned per issue","properties":{"id":{"description":"The identifier of the 
project","type":"string"},"name":{"description":"The name of the project","type":"string"},"packageManager":{"description":"The package manager for the project (e.g. npm, rubygems etc)","type":"string"},"source":{"description":"The source of the project (e.g. github, heroku etc)","type":"string"},"targetFile":{"description":"The file path to the dependency manifest or lock file (e.g. package.json, Gemfile.lock etc)","type":"string"},"url":{"description":"URL to a page containing information about the project","type":"string"}},"required":["url","id","name","source","packageManager"],"type":"object"}},"required":["project"]}],"properties":{"fixedDate":{"description":"The date that the issue was fixed","type":"string"},"introducedDate":{"description":"The date that the issue was introduced into the project","type":"string"},"isFixed":{"description":"Whether the issue has been fixed","type":"boolean"},"issue":{"properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (not applicable to licenses)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue (not applicable to licenses)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (not applicable to licenses)","type":"number"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed (not applicable to licenses)","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the issue (not applicable to licenses)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned 
by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"ignored":{"description":"The list of ignore rules that were applied to the issue (only present if issue was ignored and no `groupBy` in the API request)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored (only present if there is no `groupBy` in the API request)","type":"boolean"},"isPatchable":{"description":"Whether the issue can be patched","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (not applicable to licenses and only present if there is no `groupBy` in the API request)","type":"boolean"},"isPinnable":{"description":"Whether the issue can be pinned","type":"boolean"},"isUpgradable":{"description":"Whether the issue can be fixed by upgrading to a later version of the dependency","type":"boolean"},"jiraIssueUrl":{"description":"The link to the Jira issue attached to the vulnerability","type":"string"},"language":{"description":"The language of the issue","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability database, before policies are applied","type":"string"},"package":{"description":"The name of the package that the issue relates to","type":"string"},"packageManager":{"description":"The package manager of the issue","type":"string"},"patches":{"description":"A list of patches available for the given issue (not applicable to licenses)","items":{},"type":"array"},"priorityScore":{"description":"The priority score ranging between 0-1000","type":"number"},"publicationTime":{"description":"The date that the vulnerability was first published by Snyk (not applicable to licenses)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The 
ranges that are vulnerable to the issue","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"type":{"description":"The issue type, can be \"vuln\", \"license\"","type":"string"},"uniqueSeveritiesList":{"description":"A list of all severities in issue per projects","items":{},"type":"array"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"version":{"description":"The version of the package that the issue relates to","type":"string"}},"required":["url","id","title","type","package","version","severity","originalSeverity","exploitMaturity"],"type":"object"},"patchedDate":{"description":"The date that the issue was patched","type":"string"}},"required":["issue","isFixed","introducedDate"],"type":"object"},"type":"array"},"total":{"description":"The total number of results found","type":"number"}},"required":["results","total"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.types is an invalid type unsupported-type"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get list of issues","tags":["Reporting API"]}},"/reporting/issues/latest":{"post":{"description":"","operationId":"Get list of latest issues","parameters":[{"description":"The page of results to 
request","example":"1","in":"query","name":"page","required":false,"schema":{"type":"number"}},{"description":"The number of results to return per page (Maximum: 1000)","example":"100","in":"query","name":"perPage","required":false,"schema":{"type":"number"}},{"description":"The key to sort results by","example":"issueTitle","in":"query","name":"sortBy","required":false,"schema":{"enum":["severity","issueTitle","projectName","isFixed","isPatched","isIgnored","introducedDate","isUpgradable","isPatchable","priorityScore"],"type":"string"}},{"description":"The direction to sort results.","example":"asc","in":"query","name":"order","required":false,"schema":{"type":"string"}},{"description":"Set to issue to group the same issue in multiple projects","example":"issue","in":"query","name":"groupBy","required":false,"schema":{"enum":["issue"],"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Get_list_of_latest_issuesBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"results":[{"fixedDate":"","introducedDate":"","isFixed":false,"issue":{"CVSSv3":"","credit":[],"cvssScore":0,"disclosureTime":"","exploitMaturity":"","id":"","identifiers":{"CVE":[],"CWE":[],"OSVDB":[]},"ignored":[{"expires":"","reason":"","source":"cli"}],"isIgnored":false,"isPatchable":false,"isPatched":false,"isPinnable":false,"isUpgradable":false,"jiraIssueUrl":"","language":"","originalSeverity":"","package":"","packageManager":"","patches":[{"comments":[],"id":"","modificationTime":"","urls":[],"version":""}],"priorityScore":0,"publicationTime":"","semver":{"unaffected":"","vulnerable":[]},"severity":"","title":"","type":"","uniqueSeveritiesList":[],"url":"","version":""},"patchedDate":"","projects":[{"id":"","name":"","packageManager":"","source":"","targetFile":"","url":""}]}],"total":0}}},"schema":{"properties":{"results":{"description":"A list of issues","items":{"oneOf":[{"properties":{"projects":{"description":"When 
`groupBy` is used, multiple projects may be returned per issue","items":{},"type":"array"}},"required":["projects"]},{"properties":{"project":{"description":"When no `groupBy` is used, a single project is returned per issue","properties":{"id":{"description":"The identifier of the project","type":"string"},"name":{"description":"The name of the project","type":"string"},"packageManager":{"description":"The package manager for the project (e.g. npm, rubygems etc)","type":"string"},"source":{"description":"The source of the project (e.g. github, heroku etc)","type":"string"},"targetFile":{"description":"The file path to the dependency manifest or lock file (e.g. package.json, Gemfile.lock etc)","type":"string"},"url":{"description":"URL to a page containing information about the project","type":"string"}},"required":["url","id","name","source","packageManager"],"type":"object"}},"required":["project"]}],"properties":{"fixedDate":{"description":"The date that the issue was fixed","type":"string"},"introducedDate":{"description":"The date that the issue was introduced into the project","type":"string"},"isFixed":{"description":"Whether the issue has been fixed","type":"boolean"},"issue":{"properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (not applicable to licenses)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue (not applicable to licenses)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (not applicable to licenses)","type":"number"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed (not applicable to licenses)","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the 
issue (not applicable to licenses)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"ignored":{"description":"The list of ignore rules that were applied to the issue (only present if issue was ignored and no `groupBy` in the API request)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored (only present if there is no `groupBy` in the API request)","type":"boolean"},"isPatchable":{"description":"Whether the issue can be patched","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (not applicable to licenses and only present if there is no `groupBy` in the API request)","type":"boolean"},"isPinnable":{"description":"Whether the issue can be pinned","type":"boolean"},"isUpgradable":{"description":"Whether the issue can be fixed by upgrading to a later version of the dependency","type":"boolean"},"jiraIssueUrl":{"description":"The link to the Jira issue attached to the vulnerability","type":"string"},"language":{"description":"The language of the issue","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability database, before policies are applied","type":"string"},"package":{"description":"The name of the package that the issue relates to","type":"string"},"packageManager":{"description":"The package manager of the issue","type":"string"},"patches":{"description":"A list of patches available for the given issue (not applicable to licenses)","items":{},"type":"array"},"priorityScore":{"description":"The priority score ranging between 0-1000","type":"number"},"publicationTime":{"description":"The date that the vulnerability was first published 
by Snyk (not applicable to licenses)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The ranges that are vulnerable to the issue","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"type":{"description":"The issue type, can be \"vuln\", \"license\"","type":"string"},"uniqueSeveritiesList":{"description":"A list of all severities in issue per projects","items":{},"type":"array"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"version":{"description":"The version of the package that the issue relates to","type":"string"}},"required":["url","id","title","type","package","version","severity","originalSeverity","exploitMaturity"],"type":"object"},"patchedDate":{"description":"The date that the issue was patched","type":"string"}},"required":["issue","isFixed","introducedDate"],"type":"object"},"type":"array"},"total":{"description":"The total number of results found","type":"number"}},"required":["results","total"],"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"code":400,"error":{"innerErrors":["invalid type filters.types is an invalid type unsupported-type"],"name":"ValidationError"},"ok":false}}},"schema":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the 
error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"}}},"description":"Bad Request","headers":{}}},"summary":"Get list of latest issues","tags":["Reporting API"]}},"/test/composer":{"post":{"description":"You can test your Composer packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a \"target\" `composer.json` and a `composer.lock`.","operationId":"Test composer.json & composer.lock file","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"additional":[{"contents":"{\"_readme\":[\"This file locks the dependencies of your project to a known state\",\"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file\",\"This file is @generated automatically\"],\"content-hash\":\"3a3771e545494c4c098e639bd68602ba\",\"packages\":[{\"name\":\"aws/aws-sdk-php\",\"version\":\"3.0.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/aws/aws-sdk-php.git\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/aws/aws-sdk-php/zipball/4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"reference\":\"4018c8f14a9e53003bb0417fa859c6a7ad57b53b\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/guzzle\":\"^5.3 || ^6.0.1\",\"guzzlehttp/promises\":\"^1.0.0\",\"guzzlehttp/psr7\":\"^1.0.0\",\"mtdowling/jmespath.php\":\"^2.2\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-dom\":\"*\",\"ext-json\":\"*\",\"ext-openssl\":\"*\",\"ext-pcre\":\"*\",\"ext-simplexml\":\"*\",\"ext-spl\":\"*\",\"phpunit/phpunit\":\"^4.0\"},\"suggest\":{\"ext-curl\":\"To send requests using cURL\",\"ext-openssl\":\"Allows working with CloudFront private distributions and verifying received SNS 
messages\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"3.0-dev\"}},\"autoload\":{\"psr-4\":{\"Aws\\\":\"src/\"},\"files\":[\"src/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"Apache-2.0\"],\"authors\":[{\"name\":\"Amazon Web Services\",\"homepage\":\"http://aws.amazon.com\"}],\"description\":\"AWS SDK for PHP - Use Amazon Web Services in your PHP project\",\"homepage\":\"http://aws.amazon.com/sdkforphp\",\"keywords\":[\"amazon\",\"aws\",\"cloud\",\"dynamodb\",\"ec2\",\"glacier\",\"s3\",\"sdk\"],\"time\":\"2015-05-27T20:07:42+00:00\"},{\"name\":\"doctrine/annotations\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/annotations.git\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/annotations/zipball/5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"reference\":\"5beebb01b025c94e93686b7a0ed3edae81fe3e7f\",\"shasum\":\"\"},\"require\":{\"doctrine/lexer\":\"1.*\",\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/cache\":\"1.*\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.5.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Annotations\\\":\"lib/Doctrine/Common/Annotations\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"kontakt@beberlei.de\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Jonathan Wage\",\"email\":\"jonwage@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Docblock Annotations 
Parser\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"docblock\",\"parser\"],\"time\":\"2017-07-22T10:58:02+00:00\"},{\"name\":\"doctrine/cache\",\"version\":\"v1.7.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/cache.git\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/cache/zipball/b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"reference\":\"b3217d58609e9c8e661cd41357a54d926c4a2a1a\",\"shasum\":\"\"},\"require\":{\"php\":\"~7.1\"},\"conflict\":{\"doctrine/common\":\">2.2,<2.4\"},\"require-dev\":{\"alcaeus/mongo-php-adapter\":\"^1.1\",\"mongodb/mongodb\":\"^1.1\",\"phpunit/phpunit\":\"^5.7\",\"predis/predis\":\"~1.0\"},\"suggest\":{\"alcaeus/mongo-php-adapter\":\"Required to use legacy MongoDB driver\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.7.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Cache\\\":\"lib/Doctrine/Common/Cache\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"kontakt@beberlei.de\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Jonathan Wage\",\"email\":\"jonwage@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Caching library offering an object-oriented API for many cache 
backends\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"cache\",\"caching\"],\"time\":\"2017-08-25T07:02:50+00:00\"},{\"name\":\"doctrine/collections\",\"version\":\"v1.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/collections.git\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/collections/zipball/a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"reference\":\"a01ee38fcd999f34d9bfbcee59dbda5105449cbf\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.1\"},\"require-dev\":{\"doctrine/coding-standard\":\"~0.1@dev\",\"phpunit/phpunit\":\"^5.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.3.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Collections\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"kontakt@beberlei.de\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Jonathan Wage\",\"email\":\"jonwage@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Collections Abstraction 
library\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"array\",\"collections\",\"iterator\"],\"time\":\"2017-07-22T10:37:32+00:00\"},{\"name\":\"doctrine/common\",\"version\":\"v2.5.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/common.git\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/common/zipball/cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"reference\":\"cd8daf2501e10c63dced7b8b9b905844316ae9d3\",\"shasum\":\"\"},\"require\":{\"doctrine/annotations\":\"1.*\",\"doctrine/cache\":\"1.*\",\"doctrine/collections\":\"1.*\",\"doctrine/inflector\":\"1.*\",\"doctrine/lexer\":\"1.*\",\"php\":\">=5.3.2\"},\"require-dev\":{\"phpunit/phpunit\":\"~3.7\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.6.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"kontakt@beberlei.de\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Jonathan Wage\",\"email\":\"jonwage@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Common Library for Doctrine 
projects\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"annotations\",\"collections\",\"eventmanager\",\"persistence\",\"spl\"],\"time\":\"2015-04-02T19:55:44+00:00\"},{\"name\":\"doctrine/inflector\",\"version\":\"v1.2.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/inflector.git\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/inflector/zipball/e11d84c6e018beedd929cff5220969a3c6d1d462\",\"reference\":\"e11d84c6e018beedd929cff5220969a3c6d1d462\",\"shasum\":\"\"},\"require\":{\"php\":\"^7.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^6.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.2.x-dev\"}},\"autoload\":{\"psr-4\":{\"Doctrine\\Common\\Inflector\\\":\"lib/Doctrine/Common/Inflector\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Benjamin Eberlei\",\"email\":\"kontakt@beberlei.de\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Jonathan Wage\",\"email\":\"jonwage@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Common String Manipulations with regard to casing and singular/plural 
rules.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"inflection\",\"pluralize\",\"singularize\",\"string\"],\"time\":\"2017-07-22T12:18:28+00:00\"},{\"name\":\"doctrine/lexer\",\"version\":\"v1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/doctrine/lexer.git\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/doctrine/lexer/zipball/83893c552fd2045dd78aef794c31e694c37c0b8c\",\"reference\":\"83893c552fd2045dd78aef794c31e694c37c0b8c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.2\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-0\":{\"Doctrine\\Common\\Lexer\\\":\"lib/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Roman Borschel\",\"email\":\"roman@code-factory.org\"},{\"name\":\"Guilherme Blanco\",\"email\":\"guilhermeblanco@gmail.com\"},{\"name\":\"Johannes Schmitt\",\"email\":\"schmittjoh@gmail.com\"}],\"description\":\"Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.\",\"homepage\":\"http://www.doctrine-project.org\",\"keywords\":[\"lexer\",\"parser\"],\"time\":\"2014-09-09T13:34:57+00:00\"},{\"name\":\"guzzlehttp/guzzle\",\"version\":\"6.3.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/guzzle.git\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/guzzle/zipball/f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"reference\":\"f4db5a78a5ea468d4831de7f0bf9d9415e348699\",\"shasum\":\"\"},\"require\":{\"guzzlehttp/promises\":\"^1.0\",\"guzzlehttp/psr7\":\"^1.4\",\"php\":\">=5.5\"},\"require-dev\":{\"ext-curl\":\"*\",\"phpunit/phpunit\":\"^4.0 || ^5.0\",\"psr/log\":\"^1.0\"},\"suggest\":{\"psr/log\":\"Required for using the Log 
middleware\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"6.2-dev\"}},\"autoload\":{\"files\":[\"src/functions_include.php\"],\"psr-4\":{\"GuzzleHttp\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"mtdowling@gmail.com\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle is a PHP HTTP client library\",\"homepage\":\"http://guzzlephp.org/\",\"keywords\":[\"client\",\"curl\",\"framework\",\"http\",\"http client\",\"rest\",\"web service\"],\"time\":\"2017-06-22T18:50:49+00:00\"},{\"name\":\"guzzlehttp/promises\",\"version\":\"v1.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/promises.git\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/promises/zipball/a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"reference\":\"a59da6cf61d80060647ff4d3eb2c03a2bc694646\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.5.0\"},\"require-dev\":{\"phpunit/phpunit\":\"^4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Promise\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"mtdowling@gmail.com\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Guzzle promises 
library\",\"keywords\":[\"promise\"],\"time\":\"2016-12-20T10:07:11+00:00\"},{\"name\":\"guzzlehttp/psr7\",\"version\":\"1.4.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/guzzle/psr7.git\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"reference\":\"f5b8a8512e2b58b0071a7280e39f14f72e05d87c\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\",\"psr/http-message\":\"~1.0\"},\"provide\":{\"psr/http-message-implementation\":\"1.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.4-dev\"}},\"autoload\":{\"psr-4\":{\"GuzzleHttp\\Psr7\\\":\"src/\"},\"files\":[\"src/functions_include.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"mtdowling@gmail.com\",\"homepage\":\"https://github.com/mtdowling\"},{\"name\":\"Tobias Schultze\",\"homepage\":\"https://github.com/Tobion\"}],\"description\":\"PSR-7 message implementation that also provides common utility 
methods\",\"keywords\":[\"http\",\"message\",\"request\",\"response\",\"stream\",\"uri\",\"url\"],\"time\":\"2017-03-20T17:10:46+00:00\"},{\"name\":\"mtdowling/jmespath.php\",\"version\":\"2.4.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/jmespath/jmespath.php.git\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/jmespath/jmespath.php/zipball/adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"reference\":\"adcc9531682cf87dfda21e1fd5d0e7a41d292fac\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.4.0\"},\"require-dev\":{\"phpunit/phpunit\":\"~4.0\"},\"bin\":[\"bin/jp.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.0-dev\"}},\"autoload\":{\"psr-4\":{\"JmesPath\\\":\"src/\"},\"files\":[\"src/JmesPath.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Michael Dowling\",\"email\":\"mtdowling@gmail.com\",\"homepage\":\"https://github.com/mtdowling\"}],\"description\":\"Declaratively specify how to extract elements from a JSON document\",\"keywords\":[\"json\",\"jsonpath\"],\"time\":\"2016-12-03T22:08:25+00:00\"},{\"name\":\"psr/http-message\",\"version\":\"1.0.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/http-message.git\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363\",\"reference\":\"f6561bf28d520154e4b0ec72be95418abe6d9363\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Http\\Message\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for HTTP 
messages\",\"homepage\":\"https://github.com/php-fig/http-message\",\"keywords\":[\"http\",\"http-message\",\"psr\",\"psr-7\",\"request\",\"response\"],\"time\":\"2016-08-06T14:39:51+00:00\"},{\"name\":\"psr/log\",\"version\":\"1.0.2\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/php-fig/log.git\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/php-fig/log/zipball/4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"reference\":\"4ebe3a8bf773a19edfe0a84b6585ba3d401b724d\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.0\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.0.x-dev\"}},\"autoload\":{\"psr-4\":{\"Psr\\Log\\\":\"Psr/Log/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"PHP-FIG\",\"homepage\":\"http://www.php-fig.org/\"}],\"description\":\"Common interface for logging libraries\",\"homepage\":\"https://github.com/php-fig/log\",\"keywords\":[\"log\",\"psr\",\"psr-3\"],\"time\":\"2016-10-10T12:19:37+00:00\"},{\"name\":\"symfony/icu\",\"version\":\"v1.2.2\",\"target-dir\":\"Symfony/Component/Icu\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/icu.git\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/icu/zipball/d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"reference\":\"d4d85d6055b87f394d941b45ddd3a9173e1e3d2a\",\"shasum\":\"\"},\"require\":{\"ext-intl\":\"*\",\"lib-icu\":\">=4.4\",\"php\":\">=5.3.3\",\"symfony/intl\":\"~2.3\"},\"type\":\"library\",\"autoload\":{\"psr-0\":{\"Symfony\\Component\\Icu\\\":\"\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Bernhard Schussek\",\"email\":\"bschussek@gmail.com\"}],\"description\":\"Contains an excerpt of the ICU 
data and classes to load it.\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"icu\",\"intl\"],\"abandoned\":\"symfony/intl\",\"time\":\"2014-07-25T09:58:17+00:00\"},{\"name\":\"symfony/symfony\",\"version\":\"v2.3.1\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/symfony/symfony.git\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/symfony/symfony/zipball/0902c606b4df1161f5b786ae89f37b71380b1f23\",\"reference\":\"0902c606b4df1161f5b786ae89f37b71380b1f23\",\"shasum\":\"\"},\"require\":{\"doctrine/common\":\"~2.2\",\"php\":\">=5.3.3\",\"psr/log\":\"~1.0\",\"symfony/icu\":\"~1.0\",\"twig/twig\":\"~1.11\"},\"replace\":{\"symfony/browser-kit\":\"self.version\",\"symfony/class-loader\":\"self.version\",\"symfony/config\":\"self.version\",\"symfony/console\":\"self.version\",\"symfony/css-selector\":\"self.version\",\"symfony/debug\":\"self.version\",\"symfony/dependency-injection\":\"self.version\",\"symfony/doctrine-bridge\":\"self.version\",\"symfony/dom-crawler\":\"self.version\",\"symfony/event-dispatcher\":\"self.version\",\"symfony/filesystem\":\"self.version\",\"symfony/finder\":\"self.version\",\"symfony/form\":\"self.version\",\"symfony/framework-bundle\":\"self.version\",\"symfony/http-foundation\":\"self.version\",\"symfony/http-kernel\":\"self.version\",\"symfony/intl\":\"self.version\",\"symfony/locale\":\"self.version\",\"symfony/monolog-bridge\":\"self.version\",\"symfony/options-resolver\":\"self.version\",\"symfony/process\":\"self.version\",\"symfony/propel1-bridge\":\"self.version\",\"symfony/property-access\":\"self.version\",\"symfony/proxy-manager-bridge\":\"self.version\",\"symfony/routing\":\"self.version\",\"symfony/security\":\"self.version\",\"symfony/security-bundle\":\"self.version\",\"symfony/serializer\":\"self.version\",\"symfony/stopwatch\":\"self.version\",\"symfony/swiftmailer-bridge\":\"self.version\",\"symfony/templating\":\"self.version\",\"
symfony/translation\":\"self.version\",\"symfony/twig-bridge\":\"self.version\",\"symfony/twig-bundle\":\"self.version\",\"symfony/validator\":\"self.version\",\"symfony/web-profiler-bundle\":\"self.version\",\"symfony/yaml\":\"self.version\"},\"require-dev\":{\"doctrine/data-fixtures\":\"1.0.*\",\"doctrine/dbal\":\"~2.2\",\"doctrine/orm\":\"~2.2,>=2.2.3\",\"ircmaxell/password-compat\":\"1.0.*\",\"monolog/monolog\":\"~1.3\",\"ocramius/proxy-manager\":\">=0.3.1,<0.4-dev\",\"propel/propel1\":\"1.6.*\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.3-dev\"}},\"autoload\":{\"psr-0\":{\"Symfony\\\":\"src/\"},\"classmap\":[\"src/Symfony/Component/HttpFoundation/Resources/stubs\",\"src/Symfony/Component/Intl/Resources/stubs\"],\"files\":[\"src/Symfony/Component/Intl/Resources/stubs/functions.php\"]},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"MIT\"],\"authors\":[{\"name\":\"Symfony Community\",\"homepage\":\"http://symfony.com/contributors\"},{\"name\":\"Fabien Potencier\",\"email\":\"fabien@symfony.com\"}],\"description\":\"The Symfony PHP 
framework\",\"homepage\":\"http://symfony.com\",\"keywords\":[\"framework\"],\"time\":\"2013-06-11T11:46:38+00:00\"},{\"name\":\"twig/twig\",\"version\":\"v1.35.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/twigphp/Twig.git\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/twigphp/Twig/zipball/daa657073e55b0a78cce8fdd22682fddecc6385f\",\"reference\":\"daa657073e55b0a78cce8fdd22682fddecc6385f\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"require-dev\":{\"psr/container\":\"^1.0\",\"symfony/debug\":\"~2.7\",\"symfony/phpunit-bridge\":\"~3.3@dev\"},\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"1.35-dev\"}},\"autoload\":{\"psr-0\":{\"Twig_\":\"lib/\"},\"psr-4\":{\"Twig\\\":\"src/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Fabien Potencier\",\"email\":\"fabien@symfony.com\",\"homepage\":\"http://fabien.potencier.org\",\"role\":\"Lead Developer\"},{\"name\":\"Armin Ronacher\",\"email\":\"armin.ronacher@active-4.com\",\"role\":\"Project Founder\"},{\"name\":\"Twig Team\",\"homepage\":\"http://twig.sensiolabs.org/contributors\",\"role\":\"Contributors\"}],\"description\":\"Twig, the flexible, fast, and secure template language for 
PHP\",\"homepage\":\"http://twig.sensiolabs.org\",\"keywords\":[\"templating\"],\"time\":\"2017-09-27T18:06:46+00:00\"},{\"name\":\"yiisoft/yii\",\"version\":\"1.1.14\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/yiisoft/yii.git\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/yiisoft/yii/zipball/f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"reference\":\"f0fee98ee84f70f1f3652f65562c9670e919cb4e\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.1.0\"},\"bin\":[\"framework/yiic\"],\"type\":\"library\",\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"authors\":[{\"name\":\"Qiang Xue\",\"email\":\"qiang.xue@gmail.com\",\"homepage\":\"http://www.yiiframework.com/\",\"role\":\"Founder and project lead\"},{\"name\":\"Alexander Makarov\",\"email\":\"sam@rmcreative.ru\",\"homepage\":\"http://rmcreative.ru/\",\"role\":\"Core framework development\"},{\"name\":\"Maurizio Domba\",\"homepage\":\"http://mdomba.info/\",\"role\":\"Core framework development\"},{\"name\":\"Carsten Brandt\",\"email\":\"mail@cebe.cc\",\"homepage\":\"http://cebe.cc/\",\"role\":\"Core framework development\"},{\"name\":\"Wei Zhuo\",\"email\":\"weizhuo@gmail.com\",\"role\":\"Project site maintenance and development\"},{\"name\":\"Sebastián Thierer\",\"email\":\"sebas@artfos.com\",\"role\":\"Component development\"},{\"name\":\"Jeffrey Winesett\",\"email\":\"jefftulsa@gmail.com\",\"role\":\"Documentation and marketing\"},{\"name\":\"Timur Ruziev\",\"email\":\"resurtm@gmail.com\",\"homepage\":\"http://resurtm.com/\",\"role\":\"Core framework development\"},{\"name\":\"Paul Klimov\",\"email\":\"klimov.paul@gmail.com\",\"role\":\"Core framework development\"}],\"description\":\"Yii Web Programming 
Framework\",\"homepage\":\"http://www.yiiframework.com/\",\"keywords\":[\"framework\",\"yii\"],\"time\":\"2013-08-12T00:12:08+00:00\"},{\"name\":\"zendframework/zendframework\",\"version\":\"2.1.0\",\"source\":{\"type\":\"git\",\"url\":\"https://github.com/zendframework/zendframework.git\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\"},\"dist\":{\"type\":\"zip\",\"url\":\"https://api.github.com/repos/zendframework/zendframework/zipball/345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"reference\":\"345a8cbedbe8de8a25bf18579fe54d169ac5075a\",\"shasum\":\"\"},\"require\":{\"php\":\">=5.3.3\"},\"replace\":{\"zendframework/zend-authentication\":\"self.version\",\"zendframework/zend-barcode\":\"self.version\",\"zendframework/zend-cache\":\"self.version\",\"zendframework/zend-captcha\":\"self.version\",\"zendframework/zend-code\":\"self.version\",\"zendframework/zend-config\":\"self.version\",\"zendframework/zend-console\":\"self.version\",\"zendframework/zend-crypt\":\"self.version\",\"zendframework/zend-db\":\"self.version\",\"zendframework/zend-debug\":\"self.version\",\"zendframework/zend-di\":\"self.version\",\"zendframework/zend-dom\":\"self.version\",\"zendframework/zend-escaper\":\"self.version\",\"zendframework/zend-eventmanager\":\"self.version\",\"zendframework/zend-feed\":\"self.version\",\"zendframework/zend-file\":\"self.version\",\"zendframework/zend-filter\":\"self.version\",\"zendframework/zend-form\":\"self.version\",\"zendframework/zend-http\":\"self.version\",\"zendframework/zend-i18n\":\"self.version\",\"zendframework/zend-inputfilter\":\"self.version\",\"zendframework/zend-json\":\"self.version\",\"zendframework/zend-ldap\":\"self.version\",\"zendframework/zend-loader\":\"self.version\",\"zendframework/zend-log\":\"self.version\",\"zendframework/zend-mail\":\"self.version\",\"zendframework/zend-math\":\"self.version\",\"zendframework/zend-memory\":\"self.version\",\"zendframework/zend-mime\":\"self.version\",\"zendframework/zend-modulemanager
\":\"self.version\",\"zendframework/zend-mvc\":\"self.version\",\"zendframework/zend-navigation\":\"self.version\",\"zendframework/zend-paginator\":\"self.version\",\"zendframework/zend-permissions-acl\":\"self.version\",\"zendframework/zend-permissions-rbac\":\"self.version\",\"zendframework/zend-progressbar\":\"self.version\",\"zendframework/zend-serializer\":\"self.version\",\"zendframework/zend-server\":\"self.version\",\"zendframework/zend-servicemanager\":\"self.version\",\"zendframework/zend-session\":\"self.version\",\"zendframework/zend-soap\":\"self.version\",\"zendframework/zend-stdlib\":\"self.version\",\"zendframework/zend-tag\":\"self.version\",\"zendframework/zend-test\":\"self.version\",\"zendframework/zend-text\":\"self.version\",\"zendframework/zend-uri\":\"self.version\",\"zendframework/zend-validator\":\"self.version\",\"zendframework/zend-version\":\"self.version\",\"zendframework/zend-view\":\"self.version\",\"zendframework/zend-xmlrpc\":\"self.version\"},\"require-dev\":{\"doctrine/common\":\">=2.1\",\"phpunit/phpunit\":\"3.7.*\"},\"suggest\":{\"doctrine/common\":\"Doctrine\\Common >=2.1 for annotation features\",\"ext-intl\":\"ext/intl for i18n features\",\"pecl-weakref\":\"Implementation of weak references for Zend\\Stdlib\\CallbackHandler\",\"zendframework/zendpdf\":\"ZendPdf for creating PDF representations of barcodes\",\"zendframework/zendservice-recaptcha\":\"ZendService\\ReCaptcha for rendering ReCaptchas in Zend\\Captcha and/or Zend\\Form\"},\"bin\":[\"bin/classmap_generator.php\"],\"type\":\"library\",\"extra\":{\"branch-alias\":{\"dev-master\":\"2.1-dev\",\"dev-develop\":\"2.2-dev\"}},\"autoload\":{\"psr-0\":{\"Zend\\\":\"library/\",\"ZendTest\\\":\"tests/\"}},\"notification-url\":\"https://packagist.org/downloads/\",\"license\":[\"BSD-3-Clause\"],\"description\":\"Zend Framework 
2\",\"homepage\":\"http://framework.zend.com/\",\"keywords\":[\"framework\",\"zf2\"],\"time\":\"2013-01-30T16:46:21+00:00\"}],\"packages-dev\":[],\"aliases\":[],\"minimum-stability\":\"stable\",\"stability-flags\":[],\"prefer-stable\":false,\"prefer-lowest\":false,\"platform\":{\"php\":\">=5.3.2\"},\"platform-dev\":[]}"}],"target":{"contents":"{\"name\": \"vulnerable/project\",\"description\": \"A sample vulnerable project\",\"require\": {\"php\": \">=5.3.2\",\"symfony/symfony\": \"v2.3.1\",\"yiisoft/yii\": \"1.1.14\",\"zendframework/zendframework\": \"2.1.0\",\"aws/aws-sdk-php\": \"3.0.0\",\"doctrine/common\": \"2.5.0\"}}"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `composer.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target","additional"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":31,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","credit":["Ryan Lane"],"cvssScore":7.8,"description":"## Overview\n  Affected versions of [`aws/aws-sdk-php`](https://packagist.org/packages/aws/aws-sdk-php) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by 
leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `aws/aws-sdk-php` to version 3.2.1 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2015-5723)\n- [Github ChangeLog](https://github.com/aws/aws-sdk-php/blob/master/CHANGELOG.md#321---2015-07-23)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["aws/aws-sdk-php@3.0.0"],"functions":[],"id":"SNYK-PHP-AWSAWSSDKPHP-70003","identifiers":{"CVE":["CVE-2015-5723"],"CWE":["CWE-264"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"aws/aws-sdk-php","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<3.2.1"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-AWSAWSSDKPHP-70003","version":"3.0.0"},{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","credit":["Ryan Lane"],"cvssScore":7.8,"description":"## Overview\nAffected versions of [`doctrine/common`](https://packagist.org/packages/doctrine/common) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `doctrine/common` to version 2.5.1, 2.4.3 or higher.\n\n## References\n- [Doctrine Release 
Notes](http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["doctrine/common@2.5.0"],"functions":[],"id":"SNYK-PHP-DOCTRINECOMMON-70024","identifiers":{"CVE":["CVE-2015-5723"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"doctrine/common","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<2.4.3",">=2.5.0, <2.5.1"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-DOCTRINECOMMON-70024","version":"2.5.0"},{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","credit":["Ryan Lane"],"cvssScore":7.8,"description":"## Overview\nAffected versions of [`doctrine/common`](https://packagist.org/packages/doctrine/common) are vulnerable to Arbitrary Code Execution.\n\nDoctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.\n\n## Remediation\nUpgrade `doctrine/common` to version 2.5.1, 2.4.3 or higher.\n\n## References\n- [Doctrine Release 
Notes](http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1","doctrine/common@2.5.0"],"functions":[],"id":"SNYK-PHP-DOCTRINECOMMON-70024","identifiers":{"CVE":["CVE-2015-5723"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"doctrine/common","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<2.4.3",">=2.5.0, <2.5.1"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-DOCTRINECOMMON-70024","version":"2.5.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Unknown"],"cvssScore":6.1,"description":"## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS).\nA remote attacker could inject arbitrary web script or HTML via the \"file\" parameter in a URL.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. 
The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. 
When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. 
\r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 4.1 or higher.\n\n\n## References\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-12040)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-173743","identifiers":{"CVE":["CVE-2018-12040"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<4.1"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173743","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","credit":["Chaosversum"],"cvssScore":7.2,"description":"## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Host Header Injection.\nWhen using `HttpCache`, the values of the `X-Forwarded-Host` headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 2.7.49, 2.8.44, 3.3.18, 3.4.14, 4.0.14, 4.1.2 or higher.\n\n\n## References\n\n- [GitHub 
Commit](https://github.com/symfony/symfony/commit/725dee4cd8b4ccd52e335ae4b4522242cea9bd4a)\n\n- [GitHub Release Tag 4.1.3](https://github.com/symfony/symfony/releases/tag/v4.1.3)\n\n- [Symphony Security Blog](https://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-173744","identifiers":{"CVE":["CVE-2018-14774"],"CWE":["CWE-444"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<2.7.49",">=2.8.0, <2.8.44",">=3.3.0, <3.3.18",">=3.4.0, <3.4.14",">=4.0.0, <4.0.14",">=4.1.0, <4.1.2"]},"severity":"high","title":"Host Header Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173744","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Unknown"],"cvssScore":6.1,"description":"## Overview\n\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a PHP framework for web applications and a set of reusable PHP components.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nvia the content page.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. 
The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. 
When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. 
\r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `symfony/symfony` to version 2.7.7 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/symphonycms/symphony-2/commit/1ace6b31867cc83267b3550686271c9c65ac3ec0)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-12043)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-173745","identifiers":{"CVE":["CVE-2018-12043"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":["<2.7.7"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-173745","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Alexandre Salome"],"cvssScore":3.7,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Loss of Information.\n\nWhen using the Validator component, if Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\ApcCache is enabled (or any other cache implementing Symfony\\\\Component\\\\Validator\\\\Mapping\\\\Cache\\\\CacheInterface), some information is lost during serialization (the collectionCascaded and the collectionCascadedDeeply fields).\n\n## Remediation\nUpgrade `symfony/symfony` 
to version 2.3.3, 2.1.12, 2.2.5, 2.0.24 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70207","identifiers":{"CVE":["CVE-2013-4751"],"CWE":["CWE-221"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.3",">=2.1.0, <2.1.12",">=2.2.0, <2.2.5",">=2, <2.0.24"]},"severity":"low","title":"Loss of Information","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70207","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","credit":["Jordan Alliot"],"cvssScore":8.2,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to HTTP Host Header Poisoning.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.3, 2.1.12, 2.2.5, 2.0.24 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70208","identifiers":{"CVE":["CVE-2013-4752"],"CWE":["CWE-74"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.3",">=2.1.0, <2.1.12",">=2.2.0, <2.2.5",">=2, <2.0.24"]},"severity":"high","title":"HTTP Host Header 
Poisoning","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70208","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","credit":["Unknown"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\nThe Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to [CVE-2013-5750](https://snyk.io/vuln/SNYK-PHP-FRIENDSOFSYMFONYUSERBUNDLE-70102).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.6, 2.1.13, 2.2.9, 2.0.25 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2013-5958)\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70209","identifiers":{"CVE":["CVE-2013-5958"],"CWE":["CWE-400"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2, <2.0.25",">=2.1.0, <2.1.13",">=2.2.0, <2.2.9",">=2.3.0, <2.3.6"]},"severity":"medium","title":"Denial of Service (DoS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70209","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Jeremy Derussé"],"cvssScore":5.6,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Arbitrary Code Injection.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released)\n- [GitHub 
Commit](https://github.com/symfony/symfony/commit/06a80fbdbe744ad6f3010479ba64ef5cf35dd9af)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70210","identifiers":{"CVE":["CVE-2014-4931"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.19",">=2.1.0, <2.2.0",">=2.4.0, <2.4.9",">=2.5.0, <2.5.4",">=2.2.0, <2.3.0",">=2, <2.1.0"]},"severity":"medium","title":"Arbitrary Code Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70210","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Unknown"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.4.9, 2.5.4 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header)\n- [GitHub PR](https://github.com/symfony/symfony/pull/11828)\n- [GitHub Commit](https://github.com/symfony/symfony/commit/1ee96a8b1b0987ffe2a62dca7ad268bf9edfa9b8)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70211","identifiers":{"CVE":["CVE-2014-5244"],"CWE":["CWE-400"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2, <2.3.19",">=2.4.0, <2.4.9",">=2.5.0, <2.5.4"]},"severity":"medium","title":"Denial of Service 
(DoS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70211","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Cédric Nirousset","Trent Steel","Christophe Coevoet"],"cvssScore":3.7,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Information Exposure.\n\nWhen you enable the ESI feature and when you are using a proxy like Varnish that you configured as a trusted proxy, the FragmentHandler considered requests to render fragments as coming from a trusted source, even if the client was requesting them directly. Symfony can not distinguish between ESI requests done on behalf of the client by Varnish and faked fragment requests coming directly from the client.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy)\n- [GitHub PR](https://github.com/symfony/symfony/pull/11831)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70212","identifiers":{"CVE":["CVE-2014-5245"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.19",">=2.1.0, <2.2.0",">=2.4.0, <2.4.9",">=2.5.0, <2.5.4",">=2.2.0, <2.3.0",">=2, <2.1.0"]},"severity":"low","title":"Information Exposure","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70212","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Damien Tournoud"],"cvssScore":3.7,"description":"## Overview\nAffected versions of 
[`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Authentication Bypass.\n\nWhen an application uses an HTTP basic or digest authentication, Symfony does not parse the Authorization header properly, which could be exploited in some server setups (no exploits have been demonstrated though.)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header)\n- [GitHub Issue](https://github.com/symfony/symfony/pull/11829)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70213","identifiers":{"CVE":["CVE-2014-6061"],"CWE":["CWE-592"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.19",">=2.1.0, <2.2.0",">=2.4.0, <2.4.9",">=2.5.0, <2.5.4",">=2.2.0, <2.3.0",">=2, <2.1.0"]},"severity":"low","title":"Authentication Bypass","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70213","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Unknown"],"cvssScore":6.3,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Cross-site Request Forgery (CSRF).\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.19, 2.2.0, 2.4.9, 2.5.4, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release 
Notes](http://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70214","identifiers":{"CVE":["CVE-2014-6072"],"CWE":["CWE-352"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.396Z","semver":{"vulnerable":[">=2.3.0, <2.3.19",">=2.1.0, <2.2.0",">=2.4.0, <2.4.9",">=2.5.0, <2.5.4",">=2.2.0, <2.3.0",">=2, <2.1.0"]},"severity":"medium","title":"Cross-site Request Forgery (CSRF)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70214","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Unknown"],"cvssScore":6.3,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Arbitrary Code Injection.\n\nEval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a `language=\"php\"` attribute of a SCRIPT element.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.27, 2.6.6, 2.2.0, 2.5.0, 2.5.11, 2.3.0, 2.1.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-2308-esi-code-injection)\n","disclosureTime":"2025-08-15T13:51:54.396Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70215","identifiers":{"CVE":["CVE-2015-2308"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, 
<2.3.27",">=2.6.0, <2.6.6",">=2.1.0, <2.2.0",">=2.4.0, <2.5.0",">=2.5.0, <2.5.11",">=2.2.0, <2.3.0",">=2, <2.1.0"]},"severity":"medium","title":"Arbitrary Code Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70215","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","credit":["Dmitrii Chekaliuk"],"cvssScore":6.5,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Man-in-the-Middle (MitM).\n\nThe `Symfony\\Component\\HttpFoundation\\Request` class provides a mechanism that ensures it does not trust HTTP header values coming from a \"non-trusted\" client. Unfortunately, it assumes that the remote address is always a trusted client if at least one trusted proxy is involved in the request; this allows a man-in-the-middle attack between the latest trusted proxy and the web server.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.27, 2.5.11, 2.6.6 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70216","identifiers":{"CVE":["CVE-2015-2309"],"CWE":["CWE-300"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2, <2.3.27",">=2.4.0, <2.5.11",">=2.6.0, <2.6.6"]},"severity":"medium","title":"Man-in-the-Middle (MitM)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70216","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Unknown"],"cvssScore":6.3,"description":"## Overview\nAffected versions of 
[`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Session Fixation.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.35, 2.6.12, 2.5.0, 2.7.7, 2.6.0 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70218","identifiers":{"CVE":["CVE-2015-8124"],"CWE":["CWE-384"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.35",">=2.6.0, <2.6.12",">=2.4.0, <2.5.0",">=2.7.0, <2.7.7",">=2.5.0, <2.6.0"]},"severity":"medium","title":"Session Fixation","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70218","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Sebastiaan Stok"],"cvssScore":7.3,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Timing Attack.\n\nSymfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving:\n* Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or\n* Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener class in the Symfony Security Component, or\n* legacy CSRF implementation from the Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider class in the Symfony Form component.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.35, 2.6.12, 2.5.0, 2.7.7, 2.6.0 or higher.\n\n## References\n- [Symfony Release 
Notes](http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70219","identifiers":{"CVE":["CVE-2015-8125"],"CWE":["CWE-208"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.35",">=2.6.0, <2.6.12",">=2.4.0, <2.5.0",">=2.7.0, <2.7.7",">=2.5.0, <2.6.0"]},"severity":"high","title":"Timing Attack","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70219","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Insecure Randomness.\n\nThe nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.37, 2.6.13, 2.5.0, 2.7.9, 2.6.0 or higher.\n\n## References\n- [Symfony Release
Notes](http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70220","identifiers":{"CVE":["CVE-2016-1902"],"CWE":["CWE-330"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.37",">=2.6.0, <2.6.13",">=2.4.0, <2.5.0",">=2.7.0, <2.7.9",">=2.5.0, <2.6.0"]},"severity":"high","title":"Insecure Randomness","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70220","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Marek Alaksa"],"cvssScore":7.5,"description":"## Overview\nAffected versions of [`symfony/symfony`](https://packagist.org/packages/symfony/symfony) are vulnerable to Denial of Service (DoS).\n\nThe attemptAuthentication function in Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php in Symfony before 2.3.41, 2.7.x before 2.7.13, 2.8.x before 2.8.6, and 3.0.x before 3.0.6 does not limit the length of a username stored in a session, which allows remote attackers to cause a denial of service (session storage consumption) via a series of authentication attempts with long, non-existent usernames.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to version 2.3.41, 2.7.0, 2.5.0, 2.7.13, 2.6.0, 2.8.6, 3.0.6 or higher.\n\n## References\n- [Symfony Release Notes](http://symfony.com/blog/cve-2016-4423-large-username-storage-in-session)\n- [GitHub PR](https://github.com/symfony/symfony/pull/18733)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-70222","identifiers":{"CVE":["CVE-2016-4423"],"CWE":["CWE-400"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.41",">=2.6.0, <2.7.0",">=2.4.0, <2.5.0",">=2.7.0, <2.7.13",">=2.5.0, <2.6.0",">=2.8.0, <2.8.6",">=3, <3.0.6"]},"severity":"high","title":"Denial of Service 
(DoS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70222","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Federico Stange"],"cvssScore":5.9,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) attacks via the `PDOSessionHandler` class.\n\n**An application is vulnerable when:**\n\n* It uses `PDOSessionHandler` to store its sessions\n* And it uses MySQL as a backend for sessions managed by `PDOSessionHandler`\n* And the SQL mode does not contain `STRICT_ALL_TABLES` or `STRICT_TRANS_TABLES`.\n\nWith this configuration, an attacker may conduct a denial of service by a well-crafted session, which leads to an infinite loop in the code.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process.
For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symfony Security Advisory](https://symfony.com/cve-2018-11386)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72196","identifiers":{"CVE":["CVE-2018-11386"],"CWE":["CWE-835"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.7.48",">=2.8.0, <2.8.41",">=3.0.0, <3.3.17",">=3.4.0, <3.4.11",">=4.0.0, <4.0.11"]},"severity":"medium","title":"Denial of Service (DoS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72196","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Theo Bouge"],"cvssScore":9.8,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of PHP components.\n\nAffected versions of this package are vulnerable to Access Restriction Bypass.
A misconfigured LDAP server allowed unauthorized access, due to a missing check for `null` passwords.\n\n**Note:** This is related to [CVE-2016-2403](https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70221).\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.8.37, 3.3.17, 3.4.7, 4.0.7 or higher.\n\n## References\n- [Symfony Security Advisory](https://symfony.com/cve-2018-11407)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72197","identifiers":{"CVE":["CVE-2018-11407"],"CWE":["CWE-284"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.8.37",">=3.0.0, <3.3.17",">=3.4.0, <3.4.7",">=4.0.0, <4.0.7"]},"severity":"critical","title":"Access Restriction Bypass","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72197","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","credit":["Kevin Liagre"],"cvssScore":8.8,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to CSRF Token Fixation. CSRF tokens were not erased during logout, when the `invalidate_session` option was disabled.
By default, a user’s session is invalidated when the user is logged out.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symfony Security Advisory](https://symfony.com/cve-2018-11406)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72198","identifiers":{"CVE":["CVE-2018-11406"],"CWE":["CWE-384"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.7.48",">=2.8.0, <2.8.41",">=3.0.0, <3.3.17",">=3.4.0, <3.4.11",">=4.0.0, <4.0.11"]},"severity":"high","title":"CSRF Token Fixation","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72198","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Antal Aron"],"cvssScore":6.1,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Open Redirect. This is due to an incomplete fix for [CVE-2017-16652](https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-70381).
There was an edge case when the `security.http_utils` was inlined by the container.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symfony Security Advisory](https://symfony.com/cve-2018-11408)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72199","identifiers":{"CVE":["CVE-2018-11408"],"CWE":["CWE-601"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.7.48",">=2.8.0, <2.8.41",">=3.0.0, <3.3.17",">=3.4.0, <3.4.11",">=4.0.0, <4.0.11"]},"severity":"medium","title":"Open Redirect","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72199","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Chris Wilkinson"],"cvssScore":8.1,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is a set of reusable PHP components.\n\nAffected versions of this package are vulnerable to Session Fixation via the `Guard` login feature. An attacker may be able to impersonate the victim towards the web application if the session id value was previously known to the attacker.
This allows the attacker to access a Symfony web application with the attacked user's permissions.\n\n**Note:**\n* The `Guard authentication` login feature must be enabled for the attack to be applicable.\n* The attacker must have access to the `PHPSESSID` cookie value or has successfully set a new value in the user's browser.\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.48, 2.8.41, 3.3.17, 3.4.11, 4.0.11 or higher.\n\n## References\n- [Symfony Security Advisory](https://symfony.com/cve-2018-11385)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72200","identifiers":{"CVE":["CVE-2018-11385"],"CWE":["CWE-384"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.7.48",">=2.8.0, <2.8.41",">=3.0.0, <3.3.17",">=3.4.0, <3.4.11",">=4.0.0, <4.0.11"]},"severity":"high","title":"Session Fixation","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72200","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Unknown"],"cvssScore":6.1,"description":"## Overview\n[symfony/symfony](https://packagist.org/packages/symfony/symfony) is the Symfony PHP framework.\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks via the `ExceptionHandler.php` method.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it.
The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user.
When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. 
\r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `symfony/symfony` to versions 2.7.33, 2.8.26, 3.2.13, 3.3.6 or higher.\n\n## References\n- [GitHub PR](https://github.com/symfony/symfony/pull/23684)\n- [GitHub Issue](https://github.com/symfony/symfony/issues/27987)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1"],"functions":[],"id":"SNYK-PHP-SYMFONYSYMFONY-72246","identifiers":{"CVE":["CVE-2017-18343"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"symfony/symfony","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.7.33",">=2.8.0, <2.8.26",">=3.0.0, <3.2.13",">=3.3.0, <3.3.6"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-SYMFONYSYMFONY-72246","version":"2.3.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/RL:O","credit":["Fabien Potencier"],"cvssScore":4.8,"description":"## Overview\n\n[twig/twig](https://packagist.org/packages/twig/twig) is a flexible, fast, and secure template language for PHP.\n\n\nAffected versions of this package are vulnerable to Information Exposure\ndue to allowing the evaluation of non-trusted templates in a sandbox, where everything is forbidden if not explicitly allowed by a sandbox policy (tags, filters, functions, method calls, ...).\r\n\r\n*Note: If you are not using the sandbox, your code is not affected.*\n\n## 
Remediation\n\nUpgrade `twig/twig` to version 1.38.0, 2.7.0 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/twigphp/Twig/commit/0f3af98ef6e71929ad67fb6e5f3ad65777c1c4c5)\n\n- [Twig Security Advisory](https://symfony.com/blog/twig-sandbox-information-disclosure)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1","twig/twig@1.35.0"],"functions":[],"id":"SNYK-PHP-TWIGTWIG-173776","identifiers":{"CVE":["CVE-2019-9942"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"twig/twig","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=1.0.0, <1.38.0",">=2.0.0, <2.7.0"]},"severity":"medium","title":"Information Exposure","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-TWIGTWIG-173776","version":"1.35.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Unknown"],"cvssScore":9.8,"description":"## Overview\n[twig/twig](https://packagist.org/packages/twig/twig) is a flexible, fast, and secure template language for PHP.\n\nAffected versions of this package are vulnerable to Server Side Template Injection (SSTI) via the `search_key` parameter.\n\n## Remediation\nUpgrade `twig/twig` to version 2.4.4 or higher.\n\n## References\n- [Exploit-DB](https://www.exploit-db.com/exploits/44102/)\n- [GitHub Commit](https://github.com/twigphp/Twig/commit/eddb97148ad779f27e670e1e3f19fb323aedafeb)\n- [GitHub 
ChangeLog](https://github.com/twigphp/Twig/blob/2.x/CHANGELOG)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["symfony/symfony@2.3.1","twig/twig@1.35.0"],"functions":[],"id":"SNYK-PHP-TWIGTWIG-72239","identifiers":{"CVE":["CVE-2018-13818"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"twig/twig","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.4.4"]},"severity":"critical","title":"Server Side Template Injection (SSTI)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-TWIGTWIG-72239","version":"1.35.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Unknown"],"cvssScore":7.3,"description":"## Overview\nAffected versions of [`yiisoft/yii`](https://packagist.org/packages/yiisoft/yii) are vulnerable to Arbitrary Code Execution.\n\nThe CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.\n\n## Remediation\nUpgrade `yiisoft/yii` to version 1.1.15 or higher.\n\n## References\n- [Yii Framework Security Advisory](http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["yiisoft/yii@1.1.14"],"functions":[],"id":"SNYK-PHP-YIISOFTYII-70295","identifiers":{"CVE":["CVE-2014-4672"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"yiisoft/yii","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<1.1.15"]},"severity":"high","title":"Arbitrary Code
Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-YIISOFTYII-70295","version":"1.1.14"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","credit":["codemagician"],"cvssScore":6.5,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Route Parameter Injection.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-01)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70321","identifiers":{"CVE":[],"CWE":["CWE-74"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.1.0, <2.1.4",">=2, <2.0.8"]},"severity":"medium","title":"Route Parameter Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70321","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Pádraic Brady"],"cvssScore":3.7,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security 
Advisory](https://framework.zend.com/security/advisory/ZF2013-02)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70322","identifiers":{"CVE":[],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.1.0, <2.1.4",">=2, <2.0.8"]},"severity":"low","title":"Information Exposure","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70322","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Axel Helmert"],"cvssScore":6.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection due to execution of platform-specific SQL containing interpolations.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.4, 2.0.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-03)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70323","identifiers":{"CVE":[],"CWE":["CWE-89"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.1.0, <2.1.4",">=2, <2.0.8"]},"severity":"medium","title":"SQL 
Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70323","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","credit":["Steve Talbot"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Potential IP Spoofing.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.2.5 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2013-04)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70324","identifiers":{"CVE":[],"CWE":["CWE-290"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.2.5"]},"severity":"medium","title":"IP Spoofing","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70324","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Lukas Reschke"],"cvssScore":7.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to XML External Entity (XXE) Injection.\n\n## Details\n\nXXE Injection is a type of attack against an application that parses XML input.\r\nXML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. 
When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\r\n\r\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\r\n\r\nFor example, below is a sample XML document, containing an XML element- username.\r\n\r\n```xml\r\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n   <username>John</username>\r\n</xml>\r\n```\r\n\r\nAn external XML entity - `xxe`, is defined using a system identifier and present within a DOCTYPE header. These entities can access local or remote content. For example the below code contains an external XML entity that would fetch the content of  `/etc/passwd` and display it to the user rendered by `username`.\r\n\r\n```xml\r\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n<!DOCTYPE foo [\r\n   <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\r\n   <username>&xxe;</username>\r\n</xml>\r\n```\r\n\r\nOther XXE Injection attacks can access local resources that may not stop returning data, possibly impacting application availability and leading to Denial of Service.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.1.6, 2.2.6 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-01)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70325","identifiers":{"CVE":[],"CWE":["CWE-611"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.1.0, <2.1.6",">=2.2.0, <2.2.6"]},"severity":"high","title":"XML External Entity (XXE) 
Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70325","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":6.5,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Cross-site Scripting (XSS).\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. 
If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. 
An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.1, 2.2.7 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-03)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70326","identifiers":{"CVE":[],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.1",">=2, <2.2.7"]},"severity":"medium","title":"Cross-site Scripting 
(XSS)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70326","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","credit":["Matthew Daley"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Authentication Bypass.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.3, 2.2.8 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2014-05)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70327","identifiers":{"CVE":["CVE-2014-8088"],"CWE":["CWE-592"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.3",">=2, <2.2.8"]},"severity":"medium","title":"Authentication Bypass","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70327","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Jonas Sandström"],"cvssScore":6.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection vector when manually quoting values for sqlsrv extension, using null byte.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.3, 2.2.8 or higher.\n\n## References\n- [Zend Framework Security 
Advisory](https://framework.zend.com/security/advisory/ZF2014-06)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70328","identifiers":{"CVE":["CVE-2014-8089"],"CWE":["CWE-89"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.3",">=2, <2.2.8"]},"severity":"medium","title":"SQL Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70328","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Yuriy Dyachenko"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Insufficient Session Validation.\n\n`Zend\\Session` session validators do not work as expected if set prior to the start of a session.\n\nThe implication is that subsequent calls to `Zend\\Session\\SessionManager#start()` (in later requests, assuming a session was created) will not have any validator metadata attached, which causes any validator metadata to be re-built from scratch, thus marking the session as valid.\n\nAn attacker is thus able to simply ignore session validators such as `RemoteAddr` or `HttpUserAgent`, since the \"signature\" that these validators check against is not being stored in the session.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.4, 2.2.9 or higher.\n\n## References\n- [Zend Framework Security 
Advisory](https://framework.zend.com/security/advisory/ZF2015-01)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70329","identifiers":{"CVE":[],"CWE":["CWE-284"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.4",">=2, <2.2.9"]},"severity":"medium","title":"Insufficient Session Validation","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70329","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","credit":["Grigory Ivanov"],"cvssScore":6.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to SQL Injection.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.5, 2.2.10 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-02)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70330","identifiers":{"CVE":["CVE-2015-0270"],"CWE":["CWE-89"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":[">=2.3.0, <2.3.5",">=2, <2.2.10"]},"severity":"medium","title":"SQL Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70330","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","credit":["Filippo 
Tessarotto","Maks3w"],"cvssScore":5.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Potential CRLF injection attacks in mail and HTTP headers.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.3.8, 2.4.1 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-04)\n","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70332","identifiers":{"CVE":["CVE-2015-3154"],"CWE":["CWE-113"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.3.8",">=2.4.0, <2.4.1"]},"severity":"medium","title":"CRLF Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70332","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:R","credit":["Dawid Golunski"],"cvssScore":6.3,"description":"## Overview\r\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to XML External Entity (XXE) Injection.\r\n\r\n## Details\r\n\r\nXXE Injection is a type of attack against an application that parses XML input.\r\nXML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. By default, many XML processors allow specification of an external entity, a URI that is dereferenced and evaluated during XML processing. 
When an XML document is being parsed, the parser can make a request and include the content at the specified URI inside of the XML document.\r\n\r\nAttacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier.\r\n\r\nFor example, below is a sample XML document, containing an XML element- username.\r\n\r\n```xml\r\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n   <username>John</username>\r\n</xml>\r\n```\r\n\r\nAn external XML entity - `xxe`, is defined using a system identifier and present within a DOCTYPE header. These entities can access local or remote content. For example the below code contains an external XML entity that would fetch the content of  `/etc/passwd` and display it to the user rendered by `username`.\r\n\r\n```xml\r\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n<!DOCTYPE foo [\r\n   <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\r\n   <username>&xxe;</username>\r\n</xml>\r\n```\r\n\r\nOther XXE Injection attacks can access local resources that may not stop returning data, possibly impacting application availability and leading to Denial of Service.\r\n\r\n## Remediation\r\nUpgrade `zendframework/zendframework` to version 2.4.6, 2.5.1 or higher.\r\n\r\n## References\r\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-06)","disclosureTime":"2025-08-15T13:51:54.397Z","exploitMaturity":"proof-of-concept","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70333","identifiers":{"CVE":["CVE-2015-5161"],"CWE":["CWE-611"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.397Z","semver":{"vulnerable":["<2.4.6",">=2.5.0, <2.5.1"]},"severity":"medium","title":"XML External Entity (XXE) 
Injection","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70333","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Vincent Herbulot"],"cvssScore":3.7,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.9 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2015-09)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70335","identifiers":{"CVE":[],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":["<2.4.9"]},"severity":"low","title":"Information Exposure","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70335","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Information Exposure.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.9 or higher.\n\n## References\n- [Zend Framework Security 
Advisory](https://framework.zend.com/security/advisory/ZF2015-10)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70336","identifiers":{"CVE":["CVE-2015-7503"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":[">=2, <2.4.9"]},"severity":"high","title":"Information Exposure","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70336","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Dawid Golunski"],"cvssScore":7.3,"description":"## Overview\nAffected versions of [`zendframework/zendframework`](https://packagist.org/packages/zendframework/zendframework) are vulnerable to Arbitrary Code Execution.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.4.11 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2016-04)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70337","identifiers":{"CVE":[],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":["<2.4.11"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-70337","version":"2.1.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Drupal Security Team"],"cvssScore":5.3,"description":"## 
Overview\n[zendframework/zendframework](https://packagist.org/packages/zendframework/zendframework) provides functionality for consuming RSS and Atom feeds.\n\nAffected versions of this package are vulnerable to Arbitrary URL Rewrite. The request URI marshaling process contains logic that inspects HTTP request headers that are specific to a given server-side URL rewrite mechanism. \n\nWhen these headers are present on systems not running the specific URL rewriting mechanism, the URLs are subject to rewriting, allowing a malicious client or proxy to emulate the headers to request arbitrary content.\n\n## Remediation\nUpgrade `zendframework/zendframework` to version 2.5.0 or higher.\n\n## References\n- [Zend Framework Security Advisory](https://framework.zend.com/security/advisory/ZF2018-01)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["zendframework/zendframework@2.1.0"],"functions":[],"id":"SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-72268","identifiers":{"CVE":[],"CWE":["CWE-601"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"php","package":"zendframework/zendframework","packageManager":"composer","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":["<2.5.0"]},"severity":"medium","title":"Arbitrary URL Rewrite","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PHP-ZENDFRAMEWORKZENDFRAMEWORK-72268","version":"2.1.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"composer"}}}}},"description":"OK","headers":{}}},"summary":"Test composer.json & composer.lock file","tags":["Test"]}},"/test/dep-graph":{"post":{"description":"Use this endpoint to find issues in a [DepGraph data object](https://github.com/snyk/dep-graph#depgraphdata).","operationId":"Test Dep Graph","parameters":[{"description":"The organization to test the package with. 
See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"depGraph":{"graph":{"nodes":[{"deps":[{"nodeId":"ch.qos.logback:logback-core@1.0.13"}],"nodeId":"root-node","pkgId":"app@1.0.0"},{"deps":[],"nodeId":"ch.qos.logback:logback-core@1.0.13","pkgId":"ch.qos.logback:logback-core@1.0.13"}],"rootNodeId":"root-node"},"pkgManager":{"name":"maven"},"pkgs":[{"id":"app@1.0.0","info":{"name":"app","version":"1.0.0"}},{"id":"ch.qos.logback:logback-core@1.0.13","info":{"name":"ch.qos.logback:logback-core","version":"1.0.13"}}],"schemaVersion":"1.2.0"}},"properties":{"depGraph":{"description":"A [DepGraph data object](https://github.com/snyk/dep-graph#depgraphdata) defining all packages and their relationships.","properties":{"graph":{"description":"Graph object references each pkg and how they depend on each other through the deps property.","properties":{"nodes":{"description":"Array of node objects.","items":{},"type":"array"},"rootNodeId":{"description":"Root node id.","type":"string"}},"required":["rootNodeId","nodes"],"type":"object"},"pkgManager":{"description":"Package manager information.","properties":{"name":{"description":"Package manager name.","type":"string"},"repositories":{"description":"A list of package repositories (i.e. 
maven-central, or npm) that defaults to the canonical package registry for the given package manager.","items":{},"type":"array"}},"required":["name"],"type":"object"},"pkgs":{"description":"Array of package dependencies.","items":{},"type":"array"},"schemaVersion":{"description":"Snyk DepGraph library schema version.","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"}},"required":["depGraph"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"issues":[{"fixInfo":{},"issueId":"SNYK-JAVA-CHQOSLOGBACK-30208","pkgName":"ch.qos.logback:logback-core","pkgVersion":"1.0.13"}],"issuesData":{"SNYK-JAVA-CHQOSLOGBACK-30208":{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Unknown"],"cvssScore":9.8,"description":"## Overview\n\n[ch.qos.logback:logback-core](https://mvnrepository.com/artifact/ch.qos.logback/logback-core) is a logback-core module.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nA configuration can be turned on to allow remote logging through interfaces that accept untrusted serialized data. Authenticated attackers on the adjacent network can exploit this vulnerability to run arbitrary code through the deserialization of custom gadget chains.\n\n## Details\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). 
It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\r\n\r\n  \r\n\r\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)), is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of the execution.\r\n\r\n  \r\n\r\nJava deserialization issues have been known for years. However, interest in the issue intensified greatly in 2015, when classes that could be abused to achieve remote code execution were found in a [popular library (Apache Commons Collection)](https://snyk.io/vuln/SNYK-JAVA-COMMONSCOLLECTIONS-30078). These classes were used in zero-days affecting IBM WebSphere, Oracle WebLogic and many other products.\r\n\r\n  \r\n\r\nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\r\n\r\n  \r\n\r\n> Developers put too much trust in Java Object Serialization. Some even de-serialize objects pre-authentication. When deserializing an Object in Java you typically cast it to an expected type, and therefore Java's strict type system will ensure you only get valid object trees. Unfortunately, by the time the type checking happens, platform code has already created and executed significant logic. So, before the final type is checked a lot of code is executed from the readObject() methods of various objects, all of which is out of the developer's control. 
By combining the readObject() methods of various classes which are available on the classpath of the vulnerable application an attacker can execute functions (including calling Runtime.exec() to execute local OS commands).\r\n\r\n- Apache Blog\r\n\r\n  \r\n\r\nThe vulnerability, also known as _Mad Gadget_\r\n\r\n> Mad Gadget is one of the most pernicious vulnerabilities we’ve seen. By merely existing on the Java classpath, seven “gadget” classes in Apache Commons Collections (versions 3.0, 3.1, 3.2, 3.2.1, and 4.0) make object deserialization for the entire JVM process Turing complete with an exec function. Since many business applications use object deserialization to send messages across the network, it would be like hiring a bank teller who was trained to hand over all the money in the vault if asked to do so politely, and then entrusting that teller with the key. The only thing that would keep a bank safe in such a circumstance is that most people wouldn’t consider asking such a question.\r\n\r\n- Google\n\n## Remediation\n\nUpgrade `ch.qos.logback:logback-core` to version 1.1.11 or higher.\n\n\n## References\n\n- [Logback News](https://logback.qos.ch/news.html)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929/)\n","disclosureTime":"2025-08-15T13:51:54.398Z","fixedIn":["1.1.11"],"id":"SNYK-JAVA-CHQOSLOGBACK-30208","identifiers":{"CVE":["CVE-2017-5929"],"CWE":["CWE-502"]},"language":"java","mavenModuleName":{"artifactId":"logback-core","groupId":"ch.qos.logback"},"moduleName":"ch.qos.logback:logback-core","packageManager":"maven","packageName":"ch.qos.logback:logback-core","patches":[],"semver":{"vulnerable":["[, 1.1.11)"]},"severity":"critical","title":"Arbitrary Code Execution"}},"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"maven"}}}}},"description":"OK","headers":{}}},"summary":"Test Dep Graph","tags":["Test"]}},"/test/golangdep":{"post":{"description":"You can test your Go dep 
packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a \"target\" `Gopkg.toml` and a `Gopkg.lock`.","operationId":"Test Gopkg.toml & Gopkg.lock File","parameters":[{"description":"The organization to test the package with. See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"additional":[{"contents":"\"# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.\\r\\n\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:e2a1ff1174d564ed4b75a62757f4a9081ed3b8c99ed17e47eb252b048b4ff018\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"d46933a94f05c6657d7b923fcf5ac563ee37ec79\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:b95c3763b72359370262246870366418c1d17446195e3c73921135c2537b9655\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"v02\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3a3d34a7231e937edfa20964dc25c29081c3ebea\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd\\\"\\r\\n  name = \\\"github.com/fsnotify/fsnotify\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9\\\"\\r\\n  version = \\\"v1.4.7\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:36fe9527deed01d2a317617e59304eb2c4ce9f8a24115bcc5c2e37b3aee5bae4\\\"\\r\\n  name = \\\"github.com/gin-contrib/sse\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = 
\\\"22d885f9ecc78bf4ee5d72b937e4bbcdc58e8cae\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d5083934eb25e45d17f72ffa86cae3814f4a9d6c073c4f16b64147169b245606\\\"\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"binding\\\",\\r\\n    \\\"json\\\",\\r\\n    \\\"render\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b869fe1415e4b9eb52f247441830d502aece2d4d\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4c0989ca0bcd10799064318923b9bc2db6b4d6338dd75f3f2d86c3511aaaf5cf\\\"\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  packages = [\\r\\n    \\\"proto\\\",\\r\\n    \\\"ptypes\\\",\\r\\n    \\\"ptypes/any\\\",\\r\\n    \\\"ptypes/duration\\\",\\r\\n    \\\"ptypes/timestamp\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"aa810b61a9c79d51363740d207bb46cf8e620ed5\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4e0e5d786c35c402574cda1906195d9fbd76a35d2c921eb10199741faf4f0256\\\"\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"b1b4a9b847ebc56299eb729faa942b89e9d8a562\\\"\\r\\n  version = \\\"v0.14.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:dd95856542089c3e0487299d6ac92f5f2941e97625b5a5754a483c7730e8dc89\\\"\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"111a952ccfacab0a90b9e4496da21d9f15187769\\\"\\r\\n  version = \\\"v0.5.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c0d19ab64b32ce9fe5cf4ddceba78d5bc9807f0016db6b1183599da3dcc24d10\\\"\\r\\n  name = \\\"github.com/hashicorp/hcl\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"hcl/ast\\\",\\r\\n    \\\"hcl/parser\\\",\\r\\n    \\\"hcl/printer\\\",\\r\\n    \\\"hcl/scanner\\\",\\r\\n    \\\"hcl/strconv\\\",\\r\\n    \\\"hcl/token\\\",\\r\\n    \\\"json/parser\\\",\\r\\n    
\\\"json/scanner\\\",\\r\\n    \\\"json/token\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"8cb6e5b959231cc1119e43259c4a608f9c51a241\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:be97e109f627d3ba8edfef50c9c74f0d0c17cbe3a2e924a8985e4804a894f282\\\"\\r\\n  name = \\\"github.com/json-iterator/go\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"36b14963da70d11297d313183d7e6388c8510e1e\\\"\\r\\n  version = \\\"1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:0a69a1c0db3591fcefb47f115b224592c8dfa4368b7ba9fae509d5e16cdc95c8\\\"\\r\\n  name = \\\"github.com/konsorten/go-windows-terminal-sequences\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5c8c8bd35d3832f5d134ae1e1e375b69a4d25242\\\"\\r\\n  version = \\\"v1.0.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c568d7727aa262c32bdf8a3f7db83614f7af0ed661474b24588de635c20024c7\\\"\\r\\n  name = \\\"github.com/magiconair/properties\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c2353362d570a7bfa228149c62842019201cfb71\\\"\\r\\n  version = \\\"v1.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:fa610f9fe6a93f4a75e64c83673dfff9bf1a34bbb21e6102021b6bc7850834a3\\\"\\r\\n  name = \\\"github.com/mattn/go-isatty\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"57fdcb988a5c543893cc61bce354a6e24ab70022\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:53bc4cd4914cd7cd52139990d5170d6dc99067ae31c56530621b18b35fc30318\\\"\\r\\n  name = \\\"github.com/mitchellh/mapstructure\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"3536a929edddb9a5b34bd6861dc4a9647cb459fe\\\"\\r\\n  version = \\\"v1.1.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:808cdddf087fb64baeae67b8dfaee2069034d9704923a3cb8bd96a995421a625\\\"\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  packages = 
[\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0\\\"\\r\\n  version = \\\"v2.1.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:95741de3af260a92cc5c7f3f3061e85273f5a81b5db20d4bd68da74bd521675e\\\"\\r\\n  name = \\\"github.com/pelletier/go-toml\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c01d1270ff3e442a8a57cddc1c92dc1138598194\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:40e195917a951a8bf867cd05de2a46aaf1806c50cf92eebf4c16f78cd196f747\\\"\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"645ef00459ed84a119197bfb8d8205042c6df63d\\\"\\r\\n  version = \\\"v0.8.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925\\\"\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f58768cc1a7a7e77a3bd49e98cdd21419399b6a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:69b1cc331fca23d702bd72f860c6a647afd0aa9fcbc1d0659b1365e26546dd70\\\"\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bcd833dfe83d3cebad139e4a29ed79cb2318bf95\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:d707dbc1330c0ed177d4642d6ae102d5e2c847ebd0eb84562d0dc4f024531cfc\\\"\\r\\n  name = \\\"github.com/spf13/afero\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"mem\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"a5d6946387efe7d64d09dcba68cdd523dc1273a3\\\"\\r\\n  version = \\\"v1.2.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:08d65904057412fc0270fc4812a1c90c594186819243160dc779a402d4b6d0bc\\\"\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = 
\\\"UT\\\"\\r\\n  revision = \\\"8c9545af88b134710ab1cd196795e7f2388358d7\\\"\\r\\n  version = \\\"v1.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:68ea4e23713989dc20b1bded5d9da2c5f9be14ff9885beef481848edd18c26cb\\\"\\r\\n  name = \\\"github.com/spf13/jwalterweatherman\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4a4406e478ca629068e7768fc33f3f044173c0a6\\\"\\r\\n  version = \\\"v1.0.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c1b1102241e7f645bc8e0c22ae352e8f0dc6484b6cb4d132fa9f24174e0119e2\\\"\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"298182f68c66c05229eb03ac171abe6e309ee79a\\\"\\r\\n  version = \\\"v1.0.3\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:de37e343c64582d7026bf8ab6ac5b22a72eac54f3a57020db31524affed9f423\\\"\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"6d33b5a963d922d182c91e8a1c88d81fd150cfd4\\\"\\r\\n  version = \\\"v1.3.1\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:c268acaa4a4d94a467980e5e91452eb61c460145765293dc0aed48e5e9919cc6\\\"\\r\\n  name = \\\"github.com/ugorji/go\\\"\\r\\n  packages = [\\\"codec\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"c88ee250d0221a57af388746f5cf03768c21d6e2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:38f553aff0273ad6f367cb0a0f8b6eecbaef8dc6cb8b50e57b6a81c1d5b1e332\\\"\\r\\n  name = \\\"golang.org/x/crypto\\\"\\r\\n  packages = [\\\"ssh/terminal\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"505ab145d0a99da450461ae2c1a9f6cd10d1f447\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:89a0cb976397aa9157a45bb2b896d0bcd07ee095ac975e0f03c53250c402265e\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n  packages = [\\r\\n    \\\"context\\\",\\r\\n    \\\"http/httpguts\\\",\\r\\n    \\\"http2\\\",\\r\\n    
\\\"http2/hpack\\\",\\r\\n    \\\"idna\\\",\\r\\n    \\\"internal/timeseries\\\",\\r\\n    \\\"trace\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"e147a9138326bc0e9d4e179541ffd8af41cff8a9\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:ba8cbf57cfd92d5f8592b4aca1a35d92c162363d32aeabd5b12555f8896635e7\\\"\\r\\n  name = \\\"golang.org/x/sys\\\"\\r\\n  packages = [\\r\\n    \\\"unix\\\",\\r\\n    \\\"windows\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"4d1cda033e0619309c606fc686de3adcf599539e\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:a2ab62866c75542dd18d2b069fec854577a20211d7c0ea6ae746072a1dccdd18\\\"\\r\\n  name = \\\"golang.org/x/text\\\"\\r\\n  packages = [\\r\\n    \\\"collate\\\",\\r\\n    \\\"collate/build\\\",\\r\\n    \\\"internal/colltab\\\",\\r\\n    \\\"internal/gen\\\",\\r\\n    \\\"internal/tag\\\",\\r\\n    \\\"internal/triegen\\\",\\r\\n    \\\"internal/ucd\\\",\\r\\n    \\\"language\\\",\\r\\n    \\\"secure/bidirule\\\",\\r\\n    \\\"transform\\\",\\r\\n    \\\"unicode/bidi\\\",\\r\\n    \\\"unicode/cldr\\\",\\r\\n    \\\"unicode/norm\\\",\\r\\n    \\\"unicode/rangetable\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"f21a4dfb5e38f5895301dc265a8def02365cc3d0\\\"\\r\\n  version = \\\"v0.3.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  branch = \\\"master\\\"\\r\\n  digest = \\\"1:077c1c599507b3b3e9156d17d36e1e61928ee9b53a5b420f10f28ebd4a0b275c\\\"\\r\\n  name = \\\"google.golang.org/genproto\\\"\\r\\n  packages = [\\\"googleapis/rpc/status\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"bd91e49a0898e27abb88c339b432fa53d7497ac0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:9edd250a3c46675d0679d87540b30c9ed253b19bd1fd1af08f4f5fb3c79fc487\\\"\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  packages = [\\r\\n    \\\".\\\",\\r\\n    \\\"balancer\\\",\\r\\n    \\\"balancer/base\\\",\\r\\n    \\\"balancer/roundrobin\\\",\\r\\n    
\\\"binarylog/grpc_binarylog_v1\\\",\\r\\n    \\\"codes\\\",\\r\\n    \\\"connectivity\\\",\\r\\n    \\\"credentials\\\",\\r\\n    \\\"credentials/internal\\\",\\r\\n    \\\"encoding\\\",\\r\\n    \\\"encoding/proto\\\",\\r\\n    \\\"grpclog\\\",\\r\\n    \\\"internal\\\",\\r\\n    \\\"internal/backoff\\\",\\r\\n    \\\"internal/binarylog\\\",\\r\\n    \\\"internal/channelz\\\",\\r\\n    \\\"internal/envconfig\\\",\\r\\n    \\\"internal/grpcrand\\\",\\r\\n    \\\"internal/grpcsync\\\",\\r\\n    \\\"internal/syscall\\\",\\r\\n    \\\"internal/transport\\\",\\r\\n    \\\"keepalive\\\",\\r\\n    \\\"metadata\\\",\\r\\n    \\\"naming\\\",\\r\\n    \\\"peer\\\",\\r\\n    \\\"resolver\\\",\\r\\n    \\\"resolver/dns\\\",\\r\\n    \\\"resolver/passthrough\\\",\\r\\n    \\\"stats\\\",\\r\\n    \\\"status\\\",\\r\\n    \\\"tap\\\",\\r\\n  ]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"df014850f6dee74ba2fc94874043a9f3f75fbfd8\\\"\\r\\n  version = \\\"v1.17.0\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:cbc72c4c4886a918d6ab4b95e347ffe259846260f99ebdd8a198c2331cf2b2e9\\\"\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"5f1438d3fca68893a817e4a66806cea46a9e4ebf\\\"\\r\\n  version = \\\"v8.18.2\\\"\\r\\n\\r\\n[[projects]]\\r\\n  digest = \\\"1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96\\\"\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  packages = [\\\".\\\"]\\r\\n  pruneopts = \\\"UT\\\"\\r\\n  revision = \\\"51d6538a90f86fe93ac480b35f37b2be17fef232\\\"\\r\\n  version = \\\"v2.2.2\\\"\\r\\n\\r\\n[solve-meta]\\r\\n  analyzer-name = \\\"dep\\\"\\r\\n  analyzer-version = 1\\r\\n  input-imports = [\\r\\n    \\\"github.com/asaskevich/EventBus\\\",\\r\\n    \\\"github.com/cloudevents/sdk-go/v02\\\",\\r\\n    \\\"github.com/gin-gonic/gin\\\",\\r\\n    \\\"github.com/golang/protobuf/proto\\\",\\r\\n    \\\"github.com/goph/emperror\\\",\\r\\n    
\\\"github.com/goph/logur\\\",\\r\\n    \\\"github.com/karlseguin/ccache\\\",\\r\\n    \\\"github.com/patrickmn/go-cache\\\",\\r\\n    \\\"github.com/pkg/errors\\\",\\r\\n    \\\"github.com/satori/go.uuid\\\",\\r\\n    \\\"github.com/sirupsen/logrus\\\",\\r\\n    \\\"github.com/spf13/cast\\\",\\r\\n    \\\"github.com/spf13/pflag\\\",\\r\\n    \\\"github.com/spf13/viper\\\",\\r\\n    \\\"golang.org/x/net/context\\\",\\r\\n    \\\"google.golang.org/grpc\\\",\\r\\n    \\\"gopkg.in/go-playground/validator.v8\\\",\\r\\n    \\\"gopkg.in/yaml.v2\\\",\\r\\n  ]\\r\\n  solver-name = \\\"gps-cdcl\\\"\\r\\n  solver-version = 1\""}],"target":{"contents":"\"# Gopkg.toml example\\r\\n#\\r\\n# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html\\r\\n# for detailed Gopkg.toml documentation.\\r\\n#\\r\\n# required = [\\\"github.com/user/thing/cmd/thing\\\"]\\r\\n# ignored = [\\\"github.com/user/project/pkgX\\\", \\\"bitbucket.org/user/project/pkgA/pkgY\\\"]\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project\\\"\\r\\n#   version = \\\"1.0.0\\\"\\r\\n#\\r\\n# [[constraint]]\\r\\n#   name = \\\"github.com/user/project2\\\"\\r\\n#   branch = \\\"dev\\\"\\r\\n#   source = \\\"github.com/myfork/project2\\\"\\r\\n#\\r\\n# [[override]]\\r\\n#   name = \\\"github.com/x/y\\\"\\r\\n#   version = \\\"2.4.0\\\"\\r\\n#\\r\\n# [prune]\\r\\n#   non-go = false\\r\\n#   go-tests = true\\r\\n#   unused-packages = true\\r\\n\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/asaskevich/EventBus\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"github.com/cloudevents/sdk-go\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/gin-gonic/gin\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/golang/protobuf\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/emperror\\\"\\r\\n  version = 
\\\"0.14.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/goph/logur\\\"\\r\\n  version = \\\"0.5.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/patrickmn/go-cache\\\"\\r\\n  version = \\\"2.1.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/pkg/errors\\\"\\r\\n  version = \\\"0.8.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/satori/go.uuid\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/sirupsen/logrus\\\"\\r\\n  version = \\\"1.2.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/cast\\\"\\r\\n  version = \\\"1.3.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/pflag\\\"\\r\\n  version = \\\"1.0.3\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"github.com/spf13/viper\\\"\\r\\n  version = \\\"1.3.1\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  branch = \\\"master\\\"\\r\\n  name = \\\"golang.org/x/net\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"google.golang.org/grpc\\\"\\r\\n  version = \\\"1.17.0\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/go-playground/validator.v8\\\"\\r\\n  version = \\\"8.18.2\\\"\\r\\n\\r\\n[[constraint]]\\r\\n  name = \\\"gopkg.in/yaml.v2\\\"\\r\\n  version = \\\"2.2.2\\\"\\r\\n\\r\\n[prune]\\r\\n  go-tests = true\\r\\n  unused-packages = true\""}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile encoded according the the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `Gopkg.toml` file, encoded according the the \"encoding\" field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target","additional"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; 
charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":101,"issues":{"licenses":[{"from":["github.com/hashicorp/hcl/json/token@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/json/token","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/json/scanner@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/json/scanner","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/json/parser@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/json/parser","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/token@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/token","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 
license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/strconv@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/strconv","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/scanner@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/scanner","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/printer@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/printer","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/parser@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/parser","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 
license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl/hcl/ast@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl/hcl/ast","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"},{"from":["github.com/hashicorp/hcl@v1.0.0"],"id":"snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","language":"golang","package":"github.com/hashicorp/hcl","packageManager":"golang","semver":{"vulnerable":[">=0"],"vulnerableHashes":["*"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"http://localhost:34612/vuln/snyk:lic:golang:github.com:hashicorp:hcl:MPL-2.0","version":"v1.0.0"}],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["josselin-c"],"cvssScore":8.1,"description":"## Overview\n[github.com/satori/go.uuid](https://github.com/satori/go.uuid) provides a pure Go implementation of Universally Unique Identifier (UUID).\r\n\r\nAffected versions of this package are vulnerable to Insecure Randomness producing predictable `UUID` identifiers due to the limited number of bytes read when using the `g.rand.Read` function.\r\n \r\n## Disclosure Timeline\r\n* Jun 3rd, 2018 - The vulnerability was introduced by replacing the function `rand.Read()` with the function `g.rand.Read()` (https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c)\r\n* Mar 23rd, 2018 - An issue was reported.\r\n* Oct 16th, 2018 - Issue fixed\r\n\r\n## Remediation\r\nA fix was merged into the master branch but not yet published.\n\n## References\n- [GitHub Commit](https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45)\n- [GitHub 
Issue](https://github.com/satori/go.uuid/issues/73)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["github.com/satori/go.uuid@v1.2.0"],"functions":[],"id":"SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488","identifiers":{"CVE":[],"CWE":["CWE-338"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"golang","package":"github.com/satori/go.uuid","packageManager":"golang","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"hashesRange":[">=0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c <d91630c8510268e75203009fe7daf2b8e1d60c45"],"vulnerable":["=1.2.0"],"vulnerableHashes":["c596ec57260fd2ad47b2ae6809d6890a2f99c3b2","36e9d2ebbde5e3f13ab2e25625fd453271d6522e","f6920249aa08fc2a2c2e8274ea9648d0bb1e9364","0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c"]},"severity":"high","title":"Insecure Randomness","type":"vuln","upgradePath":[],"url":"http://localhost:34612/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488","version":"v1.2.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"golangdep"}}}}},"description":"OK","headers":{}}},"summary":"Test Gopkg.toml & Gopkg.lock File","tags":["Test"]}},"/test/govendor":{"post":{"description":"You can test your Go vendor packages for issues according to their manifest file using this action. 
It takes a JSON object containing a \"target\" `vendor.json`.","operationId":"Test vendor.json File","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"target":{"contents":"{\\\"comment\\\":\\\"\\\",\\\"ignore\\\":\\\"test\\\",\\\"package\\\":[{\\\"checksumSHA1\\\":\\\"o/3cn04KAiwC7NqNVvmfVTD+hgA=\\\",\\\"path\\\":\\\"github.com/Microsoft/go-winio\\\",\\\"revision\\\":\\\"78439966b38d69bf38227fbf57ac8a6fee70f69a\\\",\\\"revisionTime\\\":\\\"2017-08-04T20:09:54Z\\\"},{\\\"checksumSHA1\\\":\\\"GqIrOttKaO7k6HIaHQLPr3cY7rY=\\\",\\\"path\\\":\\\"github.com/containerd/continuity/pathdriver\\\",\\\"revision\\\":\\\"617902de2ab5e18974efd88a58eeef67ac82d127\\\",\\\"revisionTime\\\":\\\"2017-09-25T16:43:31Z\\\"},{\\\"checksumSHA1\\\":\\\"ndnAFCfsGC3upNQ6jAEwzxcurww=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/longpath\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"IVWozKA/coqhti24Ss2b1nLrTSg=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/mount\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"YdUAOhhc/C0zu+eYrJOJjDwr1/4=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/symlink\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UEMAKQqAyL9hs6RWxesQuYMQ3+I=\\\",\\\"path\\\":\\\"github.com/docker/docker/pkg/system\\\",\\\"revision\\\":\\\"74a084162ce544fe995715ba47aa84d3d75b95c1\\\",\\\"revisionTime\\\":\\\"2017-09-26T16:09:50Z\\\"},{\\\"checksumSHA1\\\":\\\"UmXGieuTJQOzJPspPJTVKKKMiUA=\\\",\\\"path\\\":\\\"github.com/docker/go-units\\\",\\\"revision\\\":\\\"0dadbb0345b35ec7ef35e228dabb8de89a65bf52\\\",\\\"revisionTime\\\":\\\"2017-01-27T09:51:30Z\\\"},{\\\"checksumSHA1\\\":\\\"RCARG9BoOH6jwbqnuix2Ne3K26w=\\\",\\\"path\\\":\\\"github.c
om/docker/libcontainer\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"OVGl5SGmF1HZmaG6JRmkyWiycYA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"q56oWh80PeIBiE/8nQ/Emz18ZZ8=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/cgroups/fs\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"3NQtWwKOT4BlnSWn0tTsy/N+XhU=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/console\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"WPIuCuWS1RkrGCHBRZuOJku7ZBc=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/devices\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"HLo2E8AWKNCwE2p7ndEkKc4SPnM=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/label\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"KYcr4bHkervvLS5wuH9w1+EhflY=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\
\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"tvHnvhbm17pLR/fA2WXWYlY9aDs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/mount/nodes\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"k9+kwIouq8vqmodLrGFp+9I7Jxs=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/netlink\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"ndpCrSi/XKZNCCrkjpQ2cgMIxKA=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/network\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"cfgnX7wKfSHOJ4mbhKyjAWizl+s=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/selinux\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"M7/2WUk1uzgdqc5Ce/k9UcSyv1M=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/system\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"2ZMmNaPI3TM4WyMjCw+h1jErSr0=\\\",\\\"path\\\":\\\"github.com/docker/libcontainer/utils\\\",\\\"revision\\\":\\\"53eca435e63db58b06cf796d3a9326db5fd42253\\\",\\\"revisionTime\\\":\\\"2014-12-02T23:28:38Z\\\",\\\"version\\\":\\\"v1.4\\\",\\\"versionExact\\\":\\\"v1.4.0\\\"},{\\\"checksumSHA1\\\":\\\"rJab1YdNhQooDiBWNnt7TLWPyBU=\\\",\\\"path\\\":\\\"github.com/pkg/errors\\\",\\\"revision\\\":\\\"2b3a18b5f0fb6b4f9190549597d3f962c02bc5eb\\\",\\\"revisio
nTime\\\":\\\"2017-09-10T13:46:14Z\\\"},{\\\"checksumSHA1\\\":\\\"BYvROBsiyAXK4sq6yhDe8RgT4LM=\\\",\\\"path\\\":\\\"github.com/sirupsen/logrus\\\",\\\"revision\\\":\\\"89742aefa4b206dcf400792f3bd35b542998eb3b\\\",\\\"revisionTime\\\":\\\"2017-08-22T13:27:46Z\\\"},{\\\"checksumSHA1\\\":\\\"nqWNlnMmVpt628zzvyo6Yv2CX5Q=\\\",\\\"path\\\":\\\"golang.org/x/crypto/ssh/terminal\\\",\\\"revision\\\":\\\"847319b7fc94cab682988f93da778204da164588\\\",\\\"revisionTime\\\":\\\"2017-08-18T09:57:21Z\\\"},{\\\"checksumSHA1\\\":\\\"uggjqMBFNJd11oNco2kbkAT641w=\\\",\\\"path\\\":\\\"golang.org/x/sys/unix\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"pBPFzDGt3AVSRffB7ffiUnruFUk=\\\",\\\"path\\\":\\\"golang.org/x/sys/windows\\\",\\\"revision\\\":\\\"429f518978ab01db8bb6f44b66785088e7fba58b\\\",\\\"revisionTime\\\":\\\"2017-09-20T21:38:28Z\\\"},{\\\"checksumSHA1\\\":\\\"o5NrWoSkC+ugoK9D6ragLSrXHw0=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"j94zYNLTvPSnfnqVKJ4LUf++uX4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/cipher\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"},{\\\"checksumSHA1\\\":\\\"JFun0lWY9eqd80Js2iWsehu1gc4=\\\",\\\"path\\\":\\\"gopkg.in/square/go-jose.v2/json\\\",\\\"revision\\\":\\\"296c7f1463ec9b712176dc804dea0173d06dc728\\\",\\\"revisionTime\\\":\\\"2016-11-17T00:42:38Z\\\",\\\"version\\\":\\\"v2.0\\\",\\\"versionExact\\\":\\\"v2.0.1\\\"}],\\\"rootPath\\\":\\\"with-vuln\\\"}"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files 
sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the `vendor.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":28,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Tõnis Tiigi"],"cvssScore":8.4,"description":"## Overview\nAffected versions of [`github.com/docker/libcontainer`](https://github.com/docker/libcontainer) are vulnerable to Symlink Attacks.\nLibcontainer and Docker Engine before 1.6.1 open the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.\n\n## References\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3627)\n- [GitHub Commit](https://github.com/docker/libcontainer/commit/46132cebcf391b56842f5cf9b247d508c59bc625)\n- [Packetstorm Security](http://packetstormsecurity.com/files/131835/Docker-Privilege-Escalation-Information-Disclosure.html)\n- [Seclists](http://seclists.org/fulldisclosure/2015/May/28)\n- [Docker Security 
Advisory](https://groups.google.com/forum/#%21searchin/docker-user/1.6.1/docker-user/47GZrihtr-4/nwgeOOFLexIJ)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["github.com/docker/libcontainer@v1.4.0"],"functions":[],"id":"SNYK-GOLANG-GITHUBCOMDOCKERLIBCONTAINER-50012","identifiers":{"CVE":["CVE-2015-3627"],"CWE":["CWE-59"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"golang","package":"github.com/docker/libcontainer","packageManager":"golang","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"hashesRange":[">=5c246d038fc47b8d57a474e1b212ffe646764ee9 <46132cebcf391b56842f5cf9b247d508c59bc625"],"vulnerable":["<1.6.1"],"vulnerableHashes":["cab4b9bce1bece1b6c575e1826f3e5b221faebf3","4a72e540feb67091156b907c4700e580a99f5a9d","eb74393a3d2daeafbef4f5f27c0821cbdd67559c","4332ffcfc6765245e8e9151a2907b0e4b76f218f","7eceabd47f41328d6e894418ae167ce8377bda22","ecace12e5a3e309d82c5b3b1548a3251b3bc4e2a","afb167a417ed8379c008b070fb5c0b1bc84bbcba","2b4512809110033e5ec532167efd6fabf2dd596d","c2403c32dbf8a67870ab2ba7524c117fc0652256","4077c254a6ac99930d720a9b95709dbd2614bc61","1b755bf962ec1d29e9e5e66e2cc15704fac088e7","1c9de5b4d21b94499a1e91c9b94ba06831ac5393","e3184f97e040c3121502dc382d41ac58a98b685a","0dee9793d5efd9842a2e8890fa0f8981d20b196e","3e9299d6da5749b263fc3dc93d50b5c854fa199c","152107f44ae9e38b38609fdbc75ac6f9f56c4fed","623fe598e4d5e75e70440f45298eecec414788b3","e30793aed7a30772054abfb1b3f3f703f119b55b","0596e6384a586223c56c5ea7d14467ebf5d17247","42fed751fbab3f340461d06edb896cd10cd49812","e451df796aaa605413a0b84ddd1bf39ec4a751a0","b0eece8d7d945e1e7fc98c2ae3b7dd0a860a7c2a","5c246d038fc47b8d57a474e1b212ffe646764ee9","bfa67ab988f434fd6836c1868eb5d7d1d7864e8a","9bebc660423ca974192599a6a5ea8e016a6fe1fc","e22b58954324b3593737438032412f15ed9602e9","af371eae767ceb51b8804f212bf97584d876feb3","f61899ece3fc1da206a0eb28fada0595ab381887","0d0402712b5a13d1b54a345a63ec67982e2e0089","d1ae7cd67310f482af2
2de3abeb26d28e65274bf","9f2c67332f48c0050846ac86e01cb5dadbd1d8fe","62bdfc482d8edaa618b544fb2beafdf0c44dce5e","699429e60f23ab0fa3bdd97b6326316be08791ad","35c01f9eb3c228201a3fc5d2301d1fc7a00bde13","a72f710d89eaabf23dad7c084082bccb26e6336f","eb84dd1b73df035e6e64c8513daaa476c72dedfc","5b73860e65598203b26d57aabc96ae0f52c9f9ab","d64cfe5c05448935c75c92f65d604c751bbf5153","62626677876330d60fe3512f59f1fd8f82799ca5","43842efeccbd8077dba8f85fc9e772e0647b82cb","d6cd7ce43faa53d212052dbbcf209029ec2ec951","ebefcddc3c4b99ae312ac575c288856e177ed6ef","83add60f217d32561ff0ff62ebf1d6db6a2a11a3","14af6755f04233fbe55cb354a9351fe05afd43a0","8530167f7f5b5eb329f5377b6b74a904482a10ed","000d36e109f5d04bad5342bb779e02b2b9b252f7","1db687f4f480c06e6cadfdb0971985df4313ddc7","689e8ec9493a4294856dc1568f5ef667e106707c","0eb8a1aac3d903b3c7925208c34f09c02910e7aa","edb31ce0a6fd7956bffc0829000c60bdd56b9f32","53fce307557cbffdbc54647ef63956b2cb0cee86","c22d5c90cf907f4f34d2bc13cad9c82a7fce9077","ef1c1c4289559e818d3ec77ce9c1b6a77d2ac764","2da44f8c7b703f87e9c07164c9cc1cdd31031783","ee102305fb35a23668136b102ed4d0dd5b3d9ce5","3ca0e1ff95c54577c65b5fbb734c267c23782974","f115a5f6c8c2a3cc6340408e6644236a88dcaad0","29ba9b3179d014cc87129af5c51b1263443f387b","c1ca18404fa63209e0a65abf443669155991b4df","5bb81469895d669ddcb4b49e83809a980d57d6b1","6feb7bda04b3130e81cf9606ddb7a156d4a63f7a","7c8550af53b4d428d8f3a7c19c0c4a8ebca8ff21","7766c1e07bd49fdc290f0557268950d35b867823","4903df2ed52a01f08626739ad35937752de82a09","58feafa848d9657dda34e5ccc3a196e359566bda","9e787db1b108941edab18209a7468e6c555002ce","e7953c3609b62a25b0bfedcd9d3885ca1b99d2fb","8c3b6b18689796bc9625258258e8664746b24e85","dd3cb8822352fd4acc0b8b426bd86e47e98f6853","cc524f1b729cb5d7592d0a0b07cb3ff1fe6eda98","c22ac4876f0a218584ae862900f3058470be38a3","c1fb904d1047359e8c4dadafaa0ab065efe9e03e","1f176f3c0dae283d66df5360de8a93ec14b4fbd0","50f0faa795dc62773857a0cc3cfb6d5681ba3562","3fbf1856025f54b6eab6e73b7ff8aa4d1020e1c1","f4a4391e4ef7e886e56816ae59cbe99d8cff91d9"
]},"severity":"critical","title":"Symlink Attack","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDOCKERLIBCONTAINER-50012","version":"v1.4.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"govendor"}}}}},"description":"OK","headers":{}}},"summary":"Test vendor.json File","tags":["Test"]}},"/test/gradle":{"post":{"description":"You can test your Gradle packages for issues according to their manifest file using this action. It takes a JSON object containing the \"target\" `build.gradle`.","operationId":"Test gradle file","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"target":{"contents":"dependencies { compile 'axis:axis:1.4' }"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the manifest file, encoded according the the \"encoding\" field.","properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` field.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":6,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","credit":["David Jorm","Arun Neelicattu"],"cvssScore":5.4,"description":"## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL 
Certificate. \r\n\r\n## Details\r\nThe `getCN` function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.  \r\n\r\n**NOTE:** this issue exists because of an incomplete fix for [CVE-2012-5784](https://snyk.io/vuln/SNYK-JAVA-AXIS-30189).\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Axis Issue](https://issues.apache.org/jira/browse/AXIS-2905)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596)\n\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["axis:axis@1.4"],"functions":[],"id":"SNYK-JAVA-AXIS-30071","identifiers":{"CVE":["CVE-2014-3596"],"CWE":["CWE-297"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"axis:axis","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":["[0,]"]},"severity":"medium","title":"Man-in-the-Middle (MitM)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-AXIS-30071","version":"1.4"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","credit":["Alberto Fernández"],"cvssScore":5.4,"description":"## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate.\r\n\r\n## Details\r\nApache Axis 1.4 and earlier does not properly verify that the server hostname matches a 
domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Jira Issue](https://issues.apache.org/jira/browse/AXIS-2883)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5784)\n\n- [Texas University](http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)\n","disclosureTime":"2025-08-15T13:51:54.398Z","exploitMaturity":"no-known-exploit","from":["axis:axis@1.4"],"functions":[],"id":"SNYK-JAVA-AXIS-30189","identifiers":{"CVE":["CVE-2012-5784"],"CWE":["CWE-20"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"axis:axis","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.398Z","semver":{"vulnerable":["[0,]"]},"severity":"medium","title":"Man-in-the-Middle (MitM)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-AXIS-30189","version":"1.4"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"gradle"}}}}},"description":"OK","headers":{}}},"summary":"Test gradle file","tags":["Test"]}},"/test/gradle/{group}/{name}/{version}":{"get":{"description":"You can test `gradle` packages for issues according to their group, name and version. This is done via the maven endpoint (for Java), since the packages are hosted on maven central or a compatible repository. 
See \"Maven\" above for details.","operationId":"Test for issues in a public package by group, name and version","parameters":[{"description":"The package's group ID.","example":"org.apache.flex.blazeds","in":"path","name":"group","required":true,"schema":{"type":"string"}},{"description":"The package's artifact ID.","example":"blazeds","in":"path","name":"name","required":true,"schema":{"type":"string"}},{"description":"The package version to test.","example":"4.7.2","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}},{"description":"The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.","example":"https://repo1.maven.org/maven2","in":"query","name":"repository","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":1,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Markus Wulftange"],"cvssScore":9.8,"description":"## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. 
This can result in the execution of arbitrary code on the server via Java deserialization.\r\n\r\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. BlazeDS internally comes with the following whitelist:\r\n```\r\nflex.messaging.io.amf.ASObject\r\nflex.messaging.io.amf.SerializedObject\r\nflex.messaging.io.ArrayCollection\r\nflex.messaging.io.ArrayList\r\nflex.messaging.messages.AcknowledgeMessage\r\nflex.messaging.messages.AcknowledgeMessageExt\r\nflex.messaging.messages.AsyncMessage\r\nflex.messaging.messages.AsyncMessageExt\r\nflex.messaging.messages.CommandMessage\r\nflex.messaging.messages.CommandMessageExt\r\nflex.messaging.messages.ErrorMessage\r\nflex.messaging.messages.HTTPMessage\r\nflex.messaging.messages.RemotingMessage\r\nflex.messaging.messages.SOAPMessage\r\njava.lang.Boolean\r\njava.lang.Byte\r\njava.lang.Character\r\njava.lang.Double\r\njava.lang.Float\r\njava.lang.Integer\r\njava.lang.Long\r\njava.lang.Object\r\njava.lang.Short\r\njava.lang.String\r\njava.util.ArrayList\r\njava.util.Date\r\njava.util.HashMap\r\norg.w3c.dom.Document\r\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker 
Issue](http://www.securitytracker.com/id/1038364)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["org.apache.flex.blazeds:blazeds@4.7.2"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","identifiers":{"CVE":["CVE-2017-5641"],"CWE":["CWE-502"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.flex.blazeds:blazeds","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[,4.7.3)"]},"severity":"critical","title":"Arbitrary Code Execution","type":"vuln","upgradePath":["org.apache.flex.blazeds:blazeds@4.7.3"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","version":"4.7.2"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"maven"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public package by group, name and version","tags":["Test"]}},"/test/maven":{"post":{"description":"You can test your Maven packages for issues according to their manifest file using this action. It takes a JSON object containing the \"target\" `pom.xml`.\n\nAdditional manifest files, if they are needed, like parent `pom.xml` files, child poms, etc., according to the definitions in the target `pom.xml` file, should be supplied in the `additional` body parameter.","operationId":"Test maven file","parameters":[{"description":"The organization to test the package with. See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}},{"description":"The Maven repository hosting this package. The default value is Maven Central. 
More than one value is supported, in order.","example":"https://repo1.maven.org/maven2","in":"query","name":"repository","required":false,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"additional":[{"contents":"<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> <dependencies> <dependency> <groupId>org.apache.zookeeper</groupId> <artifactId>zookeeper</artifactId> <version>3.5</version> </dependency> <dependency> <groupId>org.aspectj</groupId> <artifactId>aspectjweaver</artifactId> <version>1.8.2</version> </dependency> </dependencies> </project>\\n"}],"target":{"contents":"<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"  xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\"> <modelVersion>4.0.0</modelVersion> <parent> <artifactId>io.snyk.example</artifactId> <groupId>parent</groupId> <version>1.0-SNAPSHOT</version> </parent> <artifactId>my-project</artifactId> <dependencies> <dependency> <groupId>axis</groupId> <artifactId>axis</artifactId> <version>1.4</version> </dependency> </dependencies> </project>\\n"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"additional manifest files (if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the main/root manifest file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"The 
contents of the file, encoded according to the `encoding` field.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":8,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","credit":["David Jorm","Arun Neelicattu"],"cvssScore":5.4,"description":"## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate. \r\n\r\n## Details\r\nThe `getCN` function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field.  
\r\n\r\n**NOTE:** this issue exists because of an incomplete fix for [CVE-2012-5784](https://snyk.io/vuln/SNYK-JAVA-AXIS-30189).\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Axis Issue](https://issues.apache.org/jira/browse/AXIS-2905)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596)\n\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3596)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["axis:axis@1.4"],"functions":[],"id":"SNYK-JAVA-AXIS-30071","identifiers":{"CVE":["CVE-2014-3596"],"CWE":["CWE-297"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"axis:axis","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[0,]"]},"severity":"medium","title":"Man-in-the-Middle (MitM)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-AXIS-30071","version":"1.4"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","credit":["Alberto Fernández"],"cvssScore":5.4,"description":"## Overview\n\n[axis:axis](https://search.maven.org/search?q=g:axis) is an implementation of the SOAP (\"Simple Object Access Protocol\") submission to W3C.\n\n\nAffected versions of this package are vulnerable to Man-in-the-Middle (MitM).\nIt does not verify the requesting server's hostname against existing domain names in the SSL Certificate.\r\n\r\n## Details\r\nApache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's `Common Name (CN)` or `subjectAltName` field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\n\n## Remediation\n\nThere is no fixed version for `axis:axis`.\n\n\n## References\n\n- [Jira Issue](https://issues.apache.org/jira/browse/AXIS-2883)\n\n- 
[NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5784)\n\n- [Texas University](http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["axis:axis@1.4"],"functions":[],"id":"SNYK-JAVA-AXIS-30189","identifiers":{"CVE":["CVE-2012-5784"],"CWE":["CWE-20"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"axis:axis","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[0,]"]},"severity":"medium","title":"Man-in-the-Middle (MitM)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-AXIS-30189","version":"1.4"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O","credit":["Harrison Neal"],"cvssScore":4.3,"description":"## Overview\n\n[org.apache.zookeeper:zookeeper](http://zookeeper.apache.org/) is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.\n\n\nAffected versions of this package are vulnerable to Access Control Bypass.\nZooKeeper’s `getACL()` method doesn’t check any permission when retrieving the ACLs of the requested node and returns all information contained in the ACL `Id` field as plain text string. 
\r\nIf Digest Authentication is in use, the unsalted hash value will be disclosed by the `getACL()` method for unauthenticated or unprivileged users.\n\n## Remediation\n\nUpgrade `org.apache.zookeeper:zookeeper` to version 3.4.14, 3.5.5 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/apache/zookeeper/commit/af741cb319d4760cfab1cd3b560635adacd8deca)\n\n- [Jira Issue](https://issues.apache.org/jira/browse/ZOOKEEPER-1392)\n\n- [ZooKeeper Security](https://zookeeper.apache.org/security.html#CVE-2019-0201)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"proof-of-concept","from":["org.apache.zookeeper:zookeeper@3.5"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEZOOKEEPER-174781","identifiers":{"CVE":["CVE-2019-0201"],"CWE":["CWE-288"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.zookeeper:zookeeper","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[,3.4.14)","[3.5.0-alpha, 3.5.5)"]},"severity":"medium","title":"Access Control Bypass","type":"vuln","upgradePath":["org.apache.zookeeper:zookeeper@3.5.5"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-174781","version":"3.5"},{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Unknown"],"cvssScore":4,"description":"## Overview\n\n[org.apache.zookeeper:zookeeper](http://zookeeper.apache.org/) is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.\n\n\nAffected versions of this package are vulnerable to Insufficiently Protected Credentials.\nThe logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log.\n\n## Remediation\n\nUpgrade `org.apache.zookeeper:zookeeper` to version 3.4.7, 3.5.1-alpha or higher.\n\n\n## References\n\n- [Jira Issue](https://issues.apache.org/jira/browse/ZOOKEEPER-1917)\n\n- [Redhat 
Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1067265)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["org.apache.zookeeper:zookeeper@3.5"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEZOOKEEPER-31035","identifiers":{"CVE":["CVE-2014-0085"],"CWE":["CWE-522"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.zookeeper:zookeeper","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[3.3.0,3.4.7)","[3.5.0-alpha,3.5.1-alpha)"]},"severity":"medium","title":"Insufficiently Protected Credentials","type":"vuln","upgradePath":["org.apache.zookeeper:zookeeper@3.5.5"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31035","version":"3.5"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\n\n[org.apache.zookeeper:zookeeper](http://zookeeper.apache.org/) is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.\n\n\nAffected versions of this package are vulnerable to Denial of Service (DoS).\nFour letter zookeeper commands (such as `wchp`/`wchc` ) are not properly handled, which leads to the server unable to serve legitimate client requests.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `org.apache.zookeeper:zookeeper` to version 3.4.10, 3.5.3-beta or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/apache/zookeeper/pull/179/commits/b4c421d5f42d8af376b1d422e73cc210133d367f)\n\n- [Jira Issue](https://issues.apache.org/jira/browse/ZOOKEEPER-2693)\n\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5637)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["org.apache.zookeeper:zookeeper@3.5"],"functions":[{"functionId":{"className":"org.apache.zookeeper.server.NIOServerCnxn","functionName":"checkFourLetterWord"},"version":["[,3.3.7)"]},{"functionId":{"className":"org.apache.zookeeper.server.NettyServerCnxn","functionName":"checkFourLetterWord"},"version":["[3.3.7, 
3.4.10)","[3.5,3.5.3)"]}],"id":"SNYK-JAVA-ORGAPACHEZOOKEEPER-31428","identifiers":{"CVE":["CVE-2017-5637"],"CWE":["CWE-400"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.zookeeper:zookeeper","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[3.4.6, 3.4.10)","[3.5.0-alpha, 3.5.3-beta)"]},"severity":"high","title":"Denial of Service (DoS)","type":"vuln","upgradePath":["org.apache.zookeeper:zookeeper@3.5.5"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-31428","version":"3.5"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","credit":["Foldi Tamas","Eugene Koontz"],"cvssScore":7.5,"description":"## Overview\n\n[org.apache.zookeeper:zookeeper](http://zookeeper.apache.org/) is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.\n\n\nAffected versions of this package are vulnerable to Authentication Bypass.\nNo authentication/authorization is enforced when a server attempts to join a quorum, as a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.\n\n## Remediation\n\nUpgrade `org.apache.zookeeper:zookeeper` to version 3.4.10, 3.5.4-beta or higher.\n\n\n## References\n\n- [Apache Mail 
Archives](https://lists.apache.org/thread.html/c75147028c1c79bdebd4f8fa5db2b77da85de2b05ecc0d54d708b393@%3Cdev.zookeeper.apache.org%3E)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["org.apache.zookeeper:zookeeper@3.5"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEZOOKEEPER-32301","identifiers":{"CVE":["CVE-2018-8012"],"CWE":["CWE-592"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.zookeeper:zookeeper","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[,3.4.10)","[3.5.0-alpha, 3.5.4-beta)"]},"severity":"high","title":"Authentication Bypass","type":"vuln","upgradePath":["org.apache.zookeeper:zookeeper@3.5.5"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEZOOKEEPER-32301","version":"3.5"}]},"licensesPolicy":null,"ok":false,"org":{"id":"b94596b8-9d3e-45ae-ac1d-2bf7fa83d848","name":"mySnykOrganization"},"packageManager":"maven"}}}}},"description":"OK","headers":{}}},"summary":"Test maven file","tags":["Test"]}},"/test/maven/{groupId}/{artifactId}/{version}":{"get":{"description":"You can test `maven` packages for issues according to their [coordinates](https://maven.apache.org/pom.html#Maven_Coordinates): group ID, artifact ID and version. The repository hosting the package may also be customized (see the `repository` query parameter).","operationId":"Test for issues in a public package by group id, artifact id and version","parameters":[{"description":"The package's group ID.","example":"org.apache.flex.blazeds","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The package's artifact ID.","example":"blazeds","in":"path","name":"artifactId","required":true,"schema":{"type":"string"}},{"description":"The package version to test.","example":"4.7.2","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. 
See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}},{"description":"The Maven repository hosting this package. The default value is Maven Central. More than one value is supported, in order.","example":"https://repo1.maven.org/maven2","in":"query","name":"repository","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":1,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Markus Wulftange"],"cvssScore":9.8,"description":"## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. This can result in the execution of arbitrary code on the server via Java deserialization.\r\n\r\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. 
BlazeDS internally comes with the following whitelist:\r\n```\r\nflex.messaging.io.amf.ASObject\r\nflex.messaging.io.amf.SerializedObject\r\nflex.messaging.io.ArrayCollection\r\nflex.messaging.io.ArrayList\r\nflex.messaging.messages.AcknowledgeMessage\r\nflex.messaging.messages.AcknowledgeMessageExt\r\nflex.messaging.messages.AsyncMessage\r\nflex.messaging.messages.AsyncMessageExt\r\nflex.messaging.messages.CommandMessage\r\nflex.messaging.messages.CommandMessageExt\r\nflex.messaging.messages.ErrorMessage\r\nflex.messaging.messages.HTTPMessage\r\nflex.messaging.messages.RemotingMessage\r\nflex.messaging.messages.SOAPMessage\r\njava.lang.Boolean\r\njava.lang.Byte\r\njava.lang.Character\r\njava.lang.Double\r\njava.lang.Float\r\njava.lang.Integer\r\njava.lang.Long\r\njava.lang.Object\r\njava.lang.Short\r\njava.lang.String\r\njava.util.ArrayList\r\njava.util.Date\r\njava.util.HashMap\r\norg.w3c.dom.Document\r\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker Issue](http://www.securitytracker.com/id/1038364)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["org.apache.flex.blazeds:blazeds@4.7.2"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","identifiers":{"CVE":["CVE-2017-5641"],"CWE":["CWE-502"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.flex.blazeds:blazeds","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[,4.7.3)"]},"severity":"critical","title":"Arbitrary Code 
Execution","type":"vuln","upgradePath":["org.apache.flex.blazeds:blazeds@4.7.3"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","version":"4.7.2"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"maven"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public package by group id, artifact id and version","tags":["Test"]}},"/test/npm":{"post":{"description":"You can test your npm packages for issues according to their manifest file & optional lockfile using this action. It takes a JSON object containing a \"target\" `package.json` and optionally a `package-lock.json`.","operationId":"Test package.json & package-lock.json File","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"additional":[{"contents":"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"}],"target":{"contents":"eyAibmFtZSI6ICJzaGFsbG93LWdvb2YiLCAidmVyc2lvbiI6ICIwLjAuMSIsICJkZXNjcmlwdGlvbiI6ICJBIHZ1bG5lcmFibGUgZGVtbyBhcHBsaWNhdGlvbiIsICJob21lcGFnZSI6ICJodHRwczovL3NueWsuaW8vIiwgInJlcG9zaXRvcnkiOiB7ICJ0eXBlIjogImdpdCIsICJ1cmwiOiAiaHR0cHM6Ly9naXRodWIuY29tL1NueWsvc2hhbGxvdy1nb29mIiB9LCAiZGVwZW5kZW5jaWVzIjogeyAibm9kZS11dWlkIjogIjEuNC4wIiwgInFzIjogIjAuMC42IiB9IH0K"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile can be sent (if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `package.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `package.json` as a 
string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":2,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","credit":["Fedot Praslov"],"cvssScore":4.2,"description":"## Overview\n[`node-uuid`](https://github.com/kelektiv/node-uuid) is a Simple, fast generation of RFC4122 UUIDS.\n\nAffected versions of this package are vulnerable to Insecure Randomness. It uses the cryptographically insecure `Math.random` which can produce predictable values and should not be used in security-sensitive context.\n\n## Remediation\nUpgrade `node-uuid` to version 1.4.4 or greater.\n\n## References\n- [GitHub Issue](https://github.com/broofa/node-uuid/issues/108)\n- [GitHub Issue 2](https://github.com/broofa/node-uuid/issues/122)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["node-uuid@1.4.0"],"functions":[],"id":"npm:node-uuid:20160328","identifiers":{"ALTERNATIVE":["SNYK-JS-NODEUUID-10089"],"CVE":[],"CWE":["CWE-330"],"NSP":[93]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"node-uuid","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:node-uuid:20160328:0","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/node-uuid/20160328/node-uuid_20160328_0_0_616ad3800f35cf58089215f420db9654801a5a02.patch"],"version":"<=1.4.3 >=1.4.2"}],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["<1.4.4"]},"severity":"medium","title":"Insecure Randomness","type":"vuln","upgradePath":["node-uuid@1.4.6"],"url":"https://snyk.io/vuln/npm:node-uuid:20160328","version":"1.4.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Dustin Shiver"],"cvssScore":7.5,"description":"## 
Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Denial of Service (Memory Exhaustion).\nDuring parsing, the `qs` module may create a sparse area (an array where no elements are filled), and grow that array to the necessary size based on the indices used on it. An attacker can specify a high index value in a query string, thus making the server allocate a respectively big array. Truly large values can cause the server to run out of memory and cause it to crash - thus enabling a Denial-of-Service attack.\n\n## Remediation\n\nUpgrade `qs` to version 1.0.0 or higher.\n\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example,  [npm `ws` package](npm:ws:20171108)\n\n## References\n\n- [GitHub Commit](https://github.com/tj/node-querystring/pull/114/commits/43a604b7847e56bba49d0ce3e222fe89569354d8)\n\n- [GitHub Issue](https://github.com/visionmedia/node-querystring/issues/104)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2014-7191)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[{"functionId":{"filePath":"index.js","functionName":"compact"},"version":["<1.0.0"]}],"id":"npm:qs:20140806","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10019"],"CVE":["CVE-2014-7191"],"CWE":["CWE-400"],"NSP":[29]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20140806:0","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_0_43a604b7847e56bba49d0ce3e222fe89569354d8_snyk.patch"],"version":"<1.0.0 >=0.6.5"},{"comments":[],"id":"patch:npm:qs:20140806:1","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_1_snyk_npm.patch"],"version":"=0.5.6"}],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["<1.0.0"]},"severity":"high","title":"Denial of Service (Memory Exhaustion)","type":"vuln","upgradePath":["qs@1.0.0"],"url":"https://snyk.io/vuln/npm:qs:20140806","version":"0.0.6"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","credit":["Tom Steele"],"cvssScore":6.5,"description":"## Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Denial of Service (Event Loop Blocking).\nWhen parsing a string representing a deeply nested object, qs will block the event loop for long periods of time. 
Such a delay may hold up the server's resources, keeping it from processing other requests in the meantime, thus enabling a Denial-of-Service attack.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `qs` to version 1.0.0 or higher.\n\n\n## References\n\n- [Node Security Advisory](https://nodesecurity.io/advisories/28)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[],"id":"npm:qs:20140806-1","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10020"],"CVE":["CVE-2014-10064"],"CWE":["CWE-400"],"NSP":[28]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20140806-1:1","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_1_snyk.patch"],"version":"=0.5.6"},{"comments":[],"id":"patch:npm:qs:20140806-1:0","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_0_snyk.patch"],"version":"<1.0.0 >=0.6.5"}],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["<1.0.0"]},"severity":"medium","title":"Denial of Service (Event Loop Blocking)","type":"vuln","upgradePath":["qs@1.0.0"],"url":"https://snyk.io/vuln/npm:qs:20140806-1","version":"0.0.6"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Snyk Security Research Team"],"cvssScore":7.5,"description":"## Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Prototype Override Protection Bypass.\nBy default `qs` protects against attacks that attempt to overwrite an object's existing prototype properties, such as `toString()`, `hasOwnProperty()`,etc.\r\n\r\nFrom [`qs` documentation](https://github.com/ljharb/qs):\r\n> By default parameters that would overwrite properties on the object prototype are ignored, if you wish to keep the data from those fields either use 
plainObjects as mentioned above, or set allowPrototypes to true which will allow user input to overwrite those properties. WARNING It is generally a bad idea to enable this option as it can cause problems when attempting to use the properties that have been overwritten. Always be careful with this option.\r\n\r\nOverwriting these properties can impact application logic, potentially allowing attackers to work around security controls, modify data, make the application unstable and more.\r\n\r\nIn versions of the package affected by this vulnerability, it is possible to circumvent this protection and overwrite prototype properties and functions by prefixing the name of the parameter with `[` or `]`. e.g. `qs.parse(\"]=toString\")` will return `{toString = true}`, as a result, calling `toString()` on the object will throw an exception.\r\n\r\n**Example:**\r\n```js\r\nqs.parse('toString=foo', { allowPrototypes: false })\r\n// {}\r\n\r\nqs.parse(\"]=toString\", { allowPrototypes: false })\r\n// {toString = true} <== prototype overwritten\r\n```\r\n\r\nFor more information, you can check out our [blog](https://snyk.io/blog/high-severity-vulnerability-qs/).\r\n\r\n## Disclosure Timeline\r\n- February 13th, 2017 - Reported the issue to package owner.\r\n- February 13th, 2017 - Issue acknowledged by package owner.\r\n- February 16th, 2017 - Partial fix released in versions `6.0.3`, `6.1.1`, `6.2.2`, `6.3.1`.\r\n- March 6th, 2017     - Final fix released in versions `6.4.0`,`6.3.2`, `6.2.3`, `6.1.2` and `6.0.4`\n\n## Remediation\n\nUpgrade `qs` to version 6.0.4, 6.1.2, 6.2.3, 6.3.2 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d)\n\n- [Report of an insufficient 
fix](https://github.com/ljharb/qs/issues/200)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[{"functionId":{"filePath":"lib/parse.js","functionName":"internals.parseObject"},"version":["<6.0.4"]},{"functionId":{"filePath":"lib/parse.js","functionName":"parseObject"},"version":[">=6.2.0 <6.2.3","6.3.0"]},{"functionId":{"filePath":"lib/parse.js","functionName":"parseObjectRecursive"},"version":[">=6.3.1 <6.3.2"]}],"id":"npm:qs:20170213","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10407"],"CVE":["CVE-2017-1000048"],"CWE":["CWE-20"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20170213:7","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/603_604.patch"],"version":"=6.0.3"},{"comments":[],"id":"patch:npm:qs:20170213:6","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/602_604.patch"],"version":"=6.0.2"},{"comments":[],"id":"patch:npm:qs:20170213:5","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/611_612.patch"],"version":"=6.1.1"},{"comments":[],"id":"patch:npm:qs:20170213:4","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/610_612.patch"],"version":"=6.1.0"},{"comments":[],"id":"patch:npm:qs:20170213:3","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/622_623.patch"],"version":"=6.2.2"},{"comments":[],"id":"patch:npm:qs:20170213:2","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/621_623.patch"],"version":"=6.2.1"},{"comments":[],"id":"patch:npm:qs:20170213:1","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.a
mazonaws.com/npm/qs/20170213/631_632.patch"],"version":"=6.3.1"},{"comments":[],"id":"patch:npm:qs:20170213:0","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/630_632.patch"],"version":"=6.3.0"}],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["<6.0.4",">=6.1.0 <6.1.2",">=6.2.0 <6.2.3",">=6.3.0 <6.3.2"]},"severity":"high","title":"Prototype Override Protection Bypass","type":"vuln","upgradePath":["qs@6.0.4"],"url":"https://snyk.io/vuln/npm:qs:20170213","version":"0.0.6"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"npm"}}}}},"description":"OK","headers":{}}},"summary":"Test package.json & package-lock.json File","tags":["Test"]}},"/test/npm/{packageName}/{version}":{"get":{"description":"You can test `npm` packages for issues according to their name and version.","operationId":"Test for issues in a public package by name and version","parameters":[{"description":"The package name. For scoped packages, **must** be url-encoded, so to test \"@angular/core\" version 4.3.2, one should `GET /test/npm/%40angular%2Fcore/4.3.2`.","example":"ms","in":"path","name":"packageName","required":true,"schema":{"type":"string"}},{"description":"The Package version to test.","example":"0.7.0","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. 
See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":1,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","credit":["Adam Baldwin"],"cvssScore":5.3,"description":"## Overview\n\n[ms](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\n\n\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS)\nattack when converting a time period string (i.e. `\"2 days\"`, `\"1h\"`) into a milliseconds integer. A malicious user could pass extremely long strings to `ms()`, causing the server to take a long time to process, subsequently blocking the event loop for that extended period.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.\r\n\r\nThe Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. 
Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.\r\n\r\nLet’s take the following regular expression as an example:\r\n```js\r\nregex = /A(B|C+)+D/\r\n```\r\n\r\nThis regular expression accomplishes the following:\r\n- `A` The string must start with the letter 'A'\r\n- `(B|C+)+` The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the `+` matches one or more times). The `+` at the end of this section states that we can look for one or more matches of this section.\r\n- `D` Finally, we ensure this section of the string ends with a 'D'\r\n\r\nThe expression would match inputs such as `ABBD`, `ABCCCCD`, `ABCBCCCD` and `ACCCCCD`\r\n\r\nIn most cases, it doesn't take very long for a regex engine to find a match:\r\n\r\n```bash\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD\")'\r\n0.04s user 0.01s system 95% cpu 0.052 total\r\n\r\n$ time node -e '/A(B|C+)+D/.test(\"ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX\")'\r\n1.79s user 0.02s system 99% cpu 1.812 total\r\n```\r\n\r\nThe entire process of testing it against a 30-character string takes around 52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.\r\n\r\nMost regex engines work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. 
If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as _catastrophic backtracking_.\r\n\r\nLet's look at how our expression runs into this problem, using a shorter string: \"ACCCX\". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:\r\n1. CCC\r\n2. CC+C\r\n3. C+CC\r\n4. C+C+C.\r\n\r\nThe engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use [RegEx 101 debugger](https://regex101.com/debugger) to see the engine has to take a total of 38 steps before it can determine the string doesn't match.\r\n\r\nFrom there, the number of steps the engine must use to validate a string just continues to grow.\r\n\r\n| String | Number of C's | Number of steps |\r\n| -------|-------------:| -----:|\r\n| ACCCX | 3 | 38\r\n| ACCCCX | 4 | 71\r\n| ACCCCCX | 5 | 136\r\n| ACCCCCCCCCCCCCCX | 14 | 65,553\r\n\r\n\r\nBy the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. 
These extreme situations can cause regex engines to work very slowly (exponentially related to input size, as shown above), allowing an attacker to make the service consume excessive CPU, resulting in a Denial of Service.\n\n## Remediation\n\nUpgrade `ms` to version 0.7.1 or higher.\n\n\n## References\n\n- [OSS Security advisory](https://www.openwall.com/lists/oss-security/2016/04/20/11)\n\n- [OWASP - ReDoS](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)\n\n- [Security Focus](https://www.securityfocus.com/bid/96389)\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["ms@0.7.0"],"functions":[{"functionId":{"filePath":"ms.js","functionName":"parse"},"version":[">0.1.0 <=0.3.0"]},{"functionId":{"filePath":"index.js","functionName":"parse"},"version":[">0.3.0 <0.7.1"]}],"id":"npm:ms:20151024","identifiers":{"ALTERNATIVE":["SNYK-JS-MS-10064"],"CVE":["CVE-2015-8315"],"CWE":["CWE-400"],"NSP":[46]},"isPatchable":true,"isPinnable":false,"isUpgradable":true,"language":"js","package":"ms","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:ms:20151024:5","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_5_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk5.patch"],"version":"=0.1.0"},{"comments":[],"id":"patch:npm:ms:20151024:4","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_4_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk4.patch"],"version":"=0.2.0"},{"comments":[],"id":"patch:npm:ms:20151024:3","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_3_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk3.patch"],"version":"=0.3.0"},{"comments":[],"id":"patch:npm:ms:20151024:2","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms
/20151024/ms_20151024_2_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk2.patch"],"version":"<0.6.0 >0.3.0"},{"comments":[],"id":"patch:npm:ms:20151024:1","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_1_0_48701f029417faf65e6f5e0b61a3cebe5436b07b_snyk.patch"],"version":"<0.7.0 >=0.6.0"},{"comments":[],"id":"patch:npm:ms:20151024:0","modificationTime":"2025-08-15T13:51:54.399Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/ms/20151024/ms_20151024_0_0_48701f029417faf65e6f5e0b61a3cebe5436b07b.patch"],"version":"=0.7.0"}],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["<0.7.1"]},"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","type":"vuln","upgradePath":["ms@0.7.1"],"url":"https://snyk.io/vuln/npm:ms:20151024","version":"0.7.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"npm"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public package by name and version","tags":["Test"]}},"/test/pip":{"post":{"description":"You can test your pip packages for issues according to their manifest file using this action. 
It takes a JSON object containing the \"target\" `requirements.txt`.","operationId":"Test requirements.txt file","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"target":{"contents":"supervisor==3.1\\noauth2==1.5.211"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the `requirements.txt` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `requirements.txt` as a string, encoded according to `encoding` above.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":4,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","credit":["André Cruz"],"cvssScore":4.3,"description":"## Overview\r\n[`oauth2`](https://pypi.python.org/pypi/oauth2) is a library for OAuth version 1.9\r\nThe Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.\r\n\r\n## Remediation\r\nUpgrade to version `1.9rc1` or greater.\r\n\r\n## References\r\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2013-4346)\r\n- [Bugzilla redhat](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4346)\r\n- [GitHub 
Issue](https://github.com/simplegeo/python-oauth2/issues/129)\r\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["oauth2@1.5.211"],"functions":[],"id":"SNYK-PYTHON-OAUTH2-40013","identifiers":{"CVE":["CVE-2013-4346"],"CWE":["CWE-310"]},"isPatchable":false,"isPinnable":true,"isUpgradable":false,"language":"python","package":"oauth2","packageManager":"pip","patches":[],"publicationTime":"2025-08-15T13:51:54.399Z","semver":{"vulnerable":["[,1.9rc1)"]},"severity":"medium","title":"Replay Attack","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-OAUTH2-40013","version":"1.5.211"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","credit":["Unknown"],"cvssScore":5.4,"description":"## Overview\r\n[`oauth2`](https://pypi.python.org/pypi/oauth2) is a library for OAuth version 1.9\r\n\r\nAffected versions of this package are vulnerable to Insecure Randomness.\r\nThe (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.\r\n\r\n## Remediation\r\nUpgrade to version `1.9rc1` or greater.\r\n\r\n## References\r\n- [Redhat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4347)\r\n- [GitHub Issue](https://github.com/simplegeo/python-oauth2/issues/9)\r\n- [Openwall](http://www.openwall.com/lists/oss-security/2013/09/12/7)\r\n- [GitHub 
PR](https://github.com/simplegeo/python-oauth2/pull/146)\r\n","disclosureTime":"2025-08-15T13:51:54.399Z","exploitMaturity":"no-known-exploit","from":["oauth2@1.5.211"],"functions":[],"id":"SNYK-PYTHON-OAUTH2-40014","identifiers":{"CVE":["CVE-2013-4347"],"CWE":["CWE-310"]},"isPatchable":false,"isPinnable":true,"isUpgradable":false,"language":"python","package":"oauth2","packageManager":"pip","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,1.9rc1)"]},"severity":"medium","title":"Insecure Randomness","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-OAUTH2-40014","version":"1.5.211"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C","credit":["Maor Shwartz"],"cvssScore":8.8,"description":"## Overview\r\n[`supervisor`](https://pypi.python.org/pypi/supervisor/) is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems.\r\n\r\nAffected versions of the package are vulnerable to Arbitrary Command Execution. A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to `supervisord` that will run arbitrary shell commands on the server. The commands will be run as the same user as `supervisord`. Depending on how `supervisord` has been configured, this may be root.\r\n\r\n## Details\r\n* `supervisord` is the server component and is responsible for starting child processes, responding to commands from clients, and other commands.\r\n* `supervisorctl` is the command line component, providing a shell-like interface to the features provided by `supervisord`.\r\n\r\n`supervisord` can be configured to run an HTTP server on a TCP socket and/or a Unix domain socket. This HTTP server is how `supervisorctl` communicates with `supervisord`. If an HTTP server has been enabled, it will always serve both HTML pages and an XML-RPC interface. 
A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to `supervisord` that will run arbitrary shell commands on the server. The commands will be run as the same user as `supervisord`. Depending on how `supervisord` has been configured, this may be root.\r\nThis vulnerability can only be exploited by an authenticated client or if `supervisord` has been configured to run an HTTP server without authentication. If authentication has not been enabled, `supervisord` will log a message at the critical level every time it starts.\r\n\r\n## PoC by Maor Shwartz\r\n\r\nCreate a config file `supervisord.conf`:\r\n\r\n```conf\r\n[supervisord]\r\nloglevel = trace\r\n\r\n[inet_http_server]\r\nport = 127.0.0.1:9001\r\n\r\n[rpcinterface:supervisor]\r\nsupervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface\r\n```\r\n\r\nStart supervisord in the foreground with that config file:\r\n\r\n```\r\n$ supervisord -n -c supervisord.conf\r\n```\r\n\r\nIn a new terminal:\r\n\r\n```py\r\n$ python2\r\n>>> from xmlrpclib import ServerProxy\r\n>>> server = ServerProxy('http://127.0.0.1:9001/RPC2')\r\n>>> server.supervisor.supervisord.options.execve('/bin/sh', [], {})\r\n  ```\r\n\r\nIf the `supervisord` version is vulnerable, the `execve` will be executed and the `supervisord` process will be replaced with /bin/sh (or any other command given). 
If the `supervisord` version is not vulnerable, it will return an `UNKNOWN_METHOD` fault.\r\n\r\n\r\n## Remediation\r\nUpgrade `supervisor` to version 3.3.3 or higher.\r\n\r\n## References\r\n- [Github Issue](https://github.com/Supervisor/supervisor/issues/964)\r\n- [Github Commit 3.0.1](https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0)\r\n- [Github Commit 3.1.4](https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88)\r\n- [Github Commit 3.2.4](https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e)\r\n- [Github Commit 3.3.3](https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e)","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"mature","from":["supervisor@3.1.0"],"functions":[],"id":"SNYK-PYTHON-SUPERVISOR-40610","identifiers":{"CVE":["CVE-2017-11610"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":true,"isUpgradable":false,"language":"python","package":"supervisor","packageManager":"pip","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[3.0a1,3.0.1)","[3.1.0,3.1.4)","[3.2.0,3.2.4)","[3.3.0,3.3.3)"]},"severity":"high","title":"Arbitrary Command Execution","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-SUPERVISOR-40610","version":"3.1.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"pip"}}}}},"description":"OK","headers":{}}},"summary":"Test requirements.txt file","tags":["Test"]}},"/test/pip/{packageName}/{version}":{"get":{"description":"You can test `pip` packages for issues according to their name and version.","parameters":[{"description":"The package name.","example":"rsa","in":"path","name":"packageName","required":true,"schema":{"type":"string"}},{"description":"The Package version to 
test.","example":"3.3","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":2,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Manuel Aude Morales"],"cvssScore":5.3,"description":"## Overview\n[`rsa`](https://pypi.python.org/pypi/rsa) is a Pure-Python RSA implementation.\n\nAffected versions of this package are vulnerable to Timing attacks.\n\n## References\n- [GitHub Issue](https://github.com/sybrenstuvel/python-rsa/issues/19)\n- [GitHub Commit](https://github.com/sybrenstuvel/python-rsa/commit/2310b34bdb530e0bad793d42f589c9f848ff181b)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["rsa@3.3"],"functions":[],"id":"SNYK-PYTHON-RSA-40541","identifiers":{"CVE":[],"CWE":["CWE-208"]},"isPatchable":false,"isPinnable":true,"isUpgradable":false,"language":"python","package":"rsa","packageManager":"pip","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[3.0,3.4.0)"]},"severity":"medium","title":"Timing Attack","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-RSA-40541","version":"3.3"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Sergio Lerner"],"cvssScore":7.5,"description":"## Overview\n[`rsa`](https://pypi.python.org/pypi/rsa) is a Pure-Python RSA implementation.\n\nAffected versions of this package are vulnerable to Authentication Bypass due to not implementing authentication encryption or use MACs to validate messages before decrypting public key encrypted messages.\n\n## References\n- [GitHub 
Issue](https://github.com/sybrenstuvel/python-rsa/issues/13)\n- [GitHub Commit](https://github.com/sybrenstuvel/python-rsa/commit/1681a0b2f84a4a252c71b87de870a2816de06fdf)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["rsa@3.3"],"functions":[],"id":"SNYK-PYTHON-RSA-40542","identifiers":{"CVE":[],"CWE":["CWE-287"]},"isPatchable":false,"isPinnable":true,"isUpgradable":false,"language":"python","package":"rsa","packageManager":"pip","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[3.0,3.4)"]},"severity":"high","title":"Authentication Bypass","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-PYTHON-RSA-40542","version":"3.3"}]},"licensesPolicy":null,"ok":false,"org":{"id":"229b76f3-802c-4553-aa1d-01d4d86f7f61","name":"gitphill"},"packageManager":"pip"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public package by name and version","tags":["Test"]}},"/test/rubygems":{"post":{"description":"You can test your rubygems applications for issues according to their lockfile using this action. 
It takes a JSON object containing the \"target\" `Gemfile.lock`.","operationId":"Test gemfile.lock file","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"target":{"contents":"GEM\\n remote: http://rubygems.org/\\n specs:\\n actionpack (4.2.5)\\n actionview (= 4.2.5)\\n activesupport (= 4.2.5)\\n rack (~> 1.6)\\n rack-test (~> 0.6.2)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n actionview (4.2.5)\\n activesupport (= 4.2.5)\\n builder (~> 3.1)\\n erubis (~> 2.7.0)\\n rails-dom-testing (~> 1.0, >= 1.0.5)\\n rails-html-sanitizer (~> 1.0, >= 1.0.2)\\n activesupport (4.2.5)\\n i18n (~> 0.7)\\n json (~> 1.7, >= 1.7.7)\\n minitest (~> 5.1)\\n thread_safe (~> 0.3, >= 0.3.4)\\n tzinfo (~> 1.1)\\n builder (3.2.2)\\n erubis (2.7.0)\\n haml (3.1.4)\\n httparty (0.8.1)\\n multi_json\\n multi_xml\\n i18n (0.7.0)\\n json (1.8.3)\\n loofah (2.0.3)\\n nokogiri (>= 1.5.9)\\n mini_portile2 (2.1.0)\\n minitest (5.9.1)\\n multi_json (1.12.1)\\n multi_xml (0.5.5)\\n nokogiri (1.6.8.1)\\n mini_portile2 (~> 2.1.0)\\n rack (1.6.4)\\n rack-protection (1.5.3)\\n rack\\n rack-test (0.6.3)\\n rack (>= 1.0)\\n rails-deprecated_sanitizer (1.0.3)\\n activesupport (>= 4.2.0.alpha)\\n rails-dom-testing (1.0.7)\\n activesupport (>= 4.2.0.beta, < 5.0)\\n nokogiri (~> 1.6.0)\\n rails-deprecated_sanitizer (>= 1.0.1)\\n rails-html-sanitizer (1.0.3)\\n loofah (~> 2.0)\\n sinatra (1.3.2)\\n rack (~> 1.3, >= 1.3.6)\\n rack-protection (~> 1.2)\\n tilt (~> 1.3, >= 1.3.3)\\n thread_safe (0.3.5)\\n tilt (1.4.1)\\n tzinfo (1.2.2)\\n thread_safe (~> 0.1)\\n \\n PLATFORMS\\n ruby\\n \\n DEPENDENCIES\\n actionpack\\n haml\\n httparty\\n sinatra\\n \\n BUNDLED WITH\\n 1.13.2"}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the `Gemfile.lock` 
file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `Gemfile.lock` as a string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":6,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\n\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\nAffected versions of this Gem contain an overflow condition. This is triggered when user-supplied input is not properly validated while handling specially crafted data. This can allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service, or potentially allowing the [execution of arbitrary code](https://snyk.io/vuln/SNYK-RUBY-JSON-20209).\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## References\n- http://rubysec.com/advisories/OSVDB-101157\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["json@1.0.0"],"functions":[],"id":"SNYK-RUBY-JSON-20000","identifiers":{"CVE":[],"CWE":["CWE-400"],"OSVDB":["OSVDB-101157"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"json","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["< 1.1.0"]},"severity":"high","title":"Denial of Service (DoS)","type":"vuln","upgradePath":["json@1.1.0"],"url":"https://snyk.io/vuln/SNYK-RUBY-JSON-20000","version":"1.0.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Thomas Hollstegge","Ben Murphy"],"cvssScore":7.3,"description":"## Overview\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\nAffected versions of this Gem are vulnerable to Denial of Service (DoS) attacks and unsafe object creation 
vulnerabilities. When parsing certain JSON documents, the JSON gem can be tricked into creating Ruby symbols in a target system.\n\n## Details\n\nWhen parsing certain JSON documents, the JSON gem can be coerced into creating Ruby symbols in a target system.  Since Ruby symbols are not garbage collected, this can result in a denial of service attack.\n\nThe same technique can be used to create objects in a target system that act like internal objects.  These \"act alike\" objects can be used to bypass certain security mechanisms and can be used as a springboard for SQL injection attacks in Ruby on Rails.\n\nImpacted code looks like this:\n```ruby\nJSON.parse(user_input)\n```\nWhere the `user_input` variable will have a JSON document like this:\n```json\n{\"json_class\":\"foo\"}\n```\nThe JSON gem will attempt to look up the constant \"foo\".  Looking up this constant will create a symbol.\n\nIn JSON version 1.7.x, objects with arbitrary attributes can be created using JSON documents like this:\n```json\n{\"json_class\":\"JSON::GenericObject\",\"foo\":\"bar\"}\n```\nThis document will result in an instance of `JSON::GenericObject`, with the attribute \"foo\" that has the value \"bar\".  Instantiating these objects will result in arbitrary symbol creation and in some cases can be used to bypass security measures.\n\nPLEASE NOTE: this behavior *does not change* when using `JSON.load`.  `JSON.load` should *never* be given input from unknown sources.  
If you are processing JSON from an unknown source, *always* use `JSON.parse`.\n\n## References\n- https://www.ruby-lang.org/en/news/2013/02/22/json-dos-cve-2013-0269/\n- https://gist.github.com/rsierra/4943505\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["json@1.0.0"],"functions":[],"id":"SNYK-RUBY-JSON-20060","identifiers":{"CVE":["CVE-2013-0269"],"CWE":["CWE-400"],"OSVDB":["OSVDB-90074"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"json","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["< 1.7.7, >= 1.7","< 1.6.8, >= 1.6","< 1.5.5"]},"severity":"high","title":"Denial of Service (DoS)","type":"vuln","upgradePath":["json@1.5.5"],"url":"https://snyk.io/vuln/SNYK-RUBY-JSON-20060","version":"1.0.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\n\nThe [`json`](https://rubygems.org/gems/json) gem is a JSON implementation as a Ruby extension in C.\n\nAffected versions of this Gem contain an overflow condition. This is triggered when user-supplied input is not properly validated while handling specially crafted data. 
This can allow a remote attacker to cause a stack-based buffer overflow, resulting in a [denial of service](https://snyk.io/vuln/SNYK-RUBY-JSON-20000), or potentially allowing the execution of arbitrary code.\n\n## References\n\n- http://rubysec.com/advisories/OSVDB-101157\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["json@1.0.0"],"functions":[],"id":"SNYK-RUBY-JSON-20209","identifiers":{"CVE":[],"CWE":["CWE-94"],"OSVDB":["OSVDB-101157-1"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"json","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["< 1.1.0"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":["json@1.1.0"],"url":"https://snyk.io/vuln/SNYK-RUBY-JSON-20209","version":"1.0.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["Will Leinweber"],"cvssScore":5.3,"description":"## Overview\n\n[rack](https://rack.github.io/) is a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.\n\n\nAffected versions of this package are vulnerable to Information Exposure.\nAttackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. 
By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\n## Remediation\n\nUpgrade `rack` to version 1.6.12, 2.0.8 or higher.\n\n\n## References\n\n- [GitHub Fix Commit](https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38)\n\n- [GitHub Security Advisory](https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["redis-rack-cache@1.1","rack-cache@1.1","rack@2.0.1"],"functions":[],"id":"SNYK-RUBY-RACK-538324","identifiers":{"CVE":["CVE-2019-16782"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"rack","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["<1.6.12",">=2.0.0.alpha, <2.0.8"]},"severity":"medium","title":"Information Exposure","type":"vuln","upgradePath":["redis-rack-cache@1.1","rack-cache@1.1","rack@2.0.8"],"url":"https://snyk.io/vuln/SNYK-RUBY-RACK-538324","version":"2.0.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Aaron Patterson"],"cvssScore":6.1,"description":"## Overview\n\n[rack](https://rack.github.io/) is a minimal, modular and adaptable interface for developing web applications in Ruby. 
By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills the API for web servers, web frameworks, and software in between (the so-called middleware) into a single method call.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nvia the `scheme` method on `Rack::Request`.\n\n## Remediation\n\nUpgrade `rack` to version 1.6.11, 2.0.6 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/rack/rack/commit/313dd6a05a5924ed6c82072299c53fed09e39ae7)\n\n- [Google Security Forum](https://groups.google.com/forum/#!msg/rubyonrails-security/GKsAFT924Ag/DYtk-Xl6AAAJ)\n\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=1646818)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["redis-rack-cache@1.1","rack-cache@1.1","rack@2.0.1"],"functions":[],"id":"SNYK-RUBY-RACK-72567","identifiers":{"CVE":["CVE-2018-16470"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"rack","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["<1.6.11",">=2.0.0, <2.0.6"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":["redis-rack-cache@1.1","rack-cache@1.1","rack@2.0.6"],"url":"https://snyk.io/vuln/SNYK-RUBY-RACK-72567","version":"2.0.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","credit":["Unknown"],"cvssScore":7.3,"description":"## Overview\n[rack-cache](https://rubygems.org/gems/rack-cache) enables HTTP caching for Rack-based applications.\nAffected versions of this gem contain a flaw related to the rubygem caching sensitive HTTP headers. 
This will result in a weakness that may make it easier for an attacker to gain access to a user's session via a specially crafted header.\n\n## References\n- http://rubysec.com/advisories/CVE-2012-2671\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["redis-rack-cache@1.1","rack-cache@1.1"],"functions":[],"id":"SNYK-RUBY-RACKCACHE-20031","identifiers":{"CVE":["CVE-2012-2671"],"CWE":["CWE-444"],"OSVDB":["OSVDB-83077"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"rack-cache","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["< 1.2"]},"severity":"high","title":"HTTP Header Caching Weakness","type":"vuln","upgradePath":["redis-rack-cache@1.2","rack-cache@1.2"],"url":"https://snyk.io/vuln/SNYK-RUBY-RACKCACHE-20031","version":"1.1"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Dylan Katz"],"cvssScore":9.8,"description":"## Overview\n[`redis-store`](https://rubygems.org/gems/redis-store) is a namespaced Rack::Session, Rack::Cache, I18n and cache Redis stores for Ruby web frameworks.\n\nAffected versions of the package are vulnerable to Deserialization of Untrusted Data.\n\n# Details\nSerialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used for communication (sharing objects between multiple hosts) and persistence (store the object state in a file or a database). 
It is an integral part of popular protocols like _Remote Method Invocation (RMI)_, _Java Management Extension (JMX)_, _Java Messaging System (JMS)_, _Action Message Format (AMF)_, _Java Server Faces (JSF) ViewState_, etc.\n\n_Deserialization of untrusted data_ ([CWE-502](https://cwe.mitre.org/data/definitions/502.html)) is when the application deserializes untrusted data without sufficiently verifying that the resulting data will be valid, letting the attacker control the state or the flow of the execution.\n\nAn attacker just needs to identify a piece of software that has both a vulnerable class on its path, and performs deserialization on untrusted data. Then all they need to do is send the payload into the deserializer, getting the command executed.\n\n## Remediation\nUpgrade `redis-store` to version 1.4.0 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-1000248)\n- [GitHub PR](https://github.com/redis-store/redis-store/pull/290)\n- [GitHub Issue](https://github.com/redis-store/redis-store/issues/289)\n- [GitHub Commit](https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["redis-rack-cache@1.1","redis-store@1.1.0"],"functions":[],"id":"SNYK-RUBY-REDISSTORE-20452","identifiers":{"CVE":["CVE-2017-1000248"],"CWE":["CWE-502"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"redis-store","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["<1.4.0"]},"severity":"critical","title":"Deserialization of Untrusted 
Data","type":"vuln","upgradePath":["redis-rack-cache@2.0.2","redis-store@1.4.0"],"url":"https://snyk.io/vuln/SNYK-RUBY-REDISSTORE-20452","version":"1.1.0"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"rubygems"}}}}},"description":"OK","headers":{}}},"summary":"Test gemfile.lock file","tags":["Test"]}},"/test/rubygems/{gemName}/{version}":{"get":{"description":"You can test `rubygems` packages for issues according to their name and version.","operationId":"Test for issues in a public gem by name and version","parameters":[{"description":"The gem name.","example":"rails-html-sanitizer","in":"path","name":"gemName","required":true,"schema":{"type":"string"}},{"description":"The gem version to test.","example":"1.0.3","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":5,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","credit":["Kaarlo Haikonen"],"cvssScore":6.1,"description":"## Overview\n[rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer)\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS). 
The gem allows non-whitelisted attributes to be present in sanitized output when given input with specially-crafted HTML fragments, and these attributes can lead to an XSS attack on target applications.\n\nThis issue is similar to [CVE-2018-8048](https://snyk.io/vuln/SNYK-RUBY-LOOFAH-22023) in Loofah.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site into accepting a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. 
If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. 
An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n\n## Remediation\nUpgrade `rails-html-sanitizer` to version 1.0.4 or higher.\n\n## References\n- [Ruby on Rails Security Google Forum](https://groups.google.com/d/msg/rubyonrails-security/tP7W3kLc5u4/uDy2Br7xBgAJ)\n- 
[NVD](https://nvd.nist.gov/vuln/detail/CVE-2018-3741)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["rails-html-sanitizer@1.0.3"],"functions":[],"id":"SNYK-RUBY-RAILSHTMLSANITIZER-22025","identifiers":{"CVE":["CVE-2018-3741"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"ruby","package":"rails-html-sanitizer","packageManager":"rubygems","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["<1.0.4"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":["rails-html-sanitizer@1.0.4"],"url":"https://snyk.io/vuln/SNYK-RUBY-RAILSHTMLSANITIZER-22025","version":"1.0.3"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"rubygems"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public gem by name and version","tags":["Test"]}},"/test/sbt":{"post":{"description":"You can test your `sbt` packages for issues according to their manifest file using this action. 
It takes a JSON object containing the \"target\" `build.sbt`.","operationId":"Test sbt file","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"base64","files":{"target":{"contents":"\\nname := \\\"subsearch\\\"\\n\\nassemblyJarName in assembly := s\\\"subsearch-0.2.0.jar\\\"\\n\\nscalaVersion := \\\"2.11.8\\\"\\n\\nscalacOptions ++= Seq(\\\"-unchecked\\\", \\\"-deprecation\\\")\\n\\nresolvers += Resolver.sonatypeRepo(\\\"public\\\")\\n\\nlibraryDependencies += \\\"org.scalatest\\\" % \\\"scalatest_2.11\\\" % \\\"2.2.1\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"org.scalamock\\\" %% \\\"scalamock-scalatest-support\\\" % \\\"3.2.2\\\" % \\\"test\\\"\\nlibraryDependencies += \\\"net.databinder.dispatch\\\" %% \\\"dispatch-core\\\" % \\\"0.11.2\\\"\\nlibraryDependencies += \\\"org.slf4j\\\" % \\\"slf4j-simple\\\" % \\\"1.6.6\\\"\\nlibraryDependencies += \\\"com.github.scopt\\\" %% \\\"scopt\\\" % \\\"3.4.0\\\"\\nlibraryDependencies += \\\"pl.project13.scala\\\" %% \\\"rainbow\\\" % \\\"0.2\\\"\\nlibraryDependencies += \\\"dnsjava\\\" % \\\"dnsjava\\\" % \\\"2.1.7\\\"\\nlibraryDependencies += \\\"com.typesafe.akka\\\" %% \\\"akka-actor\\\" % \\\"2.4.1\\\"\\nlibraryDependencies += \\\"org.scala-lang.modules\\\" % \\\"scala-jline\\\" % \\\"2.12.1\\\"\\nlibraryDependencies += \\\"net.ruippeixotog\\\" %% \\\"scala-scraper\\\" % \\\"1.0.0\\\""}}},"properties":{"encoding":{"default":"base64","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the manifest file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` field.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; 
charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":44,"issues":{"licenses":[{"from":["net.databinder.dispatch:dispatch-core_2.11@0.11.2"],"id":"snyk:lic:maven:net.databinder.dispatch:dispatch-core_2.11:LGPL-3.0","language":"java","package":"net.databinder.dispatch:dispatch-core_2.11","packageManager":"maven","semver":{"vulnerable":["[0,)"]},"severity":"medium","title":"LGPL-3.0 license","type":"license","url":"https://snyk.io/vuln/snyk:lic:maven:net.databinder.dispatch:dispatch-core_2.11:LGPL-3.0","version":"0.11.2"},{"from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","net.sourceforge.cssparser:cssparser@0.9.18"],"id":"snyk:lic:maven:net.sourceforge.cssparser:cssparser:LGPL-2.0","language":"java","package":"net.sourceforge.cssparser:cssparser","packageManager":"maven","semver":{"vulnerable":["[0.9.6, 0.9.19)"]},"severity":"medium","title":"LGPL-2.0 license","type":"license","url":"https://snyk.io/vuln/snyk:lic:maven:net.sourceforge.cssparser:cssparser:LGPL-2.0","version":"0.9.18"},{"from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","net.sourceforge.htmlunit:htmlunit-core-js@2.17"],"id":"snyk:lic:maven:net.sourceforge.htmlunit:htmlunit-core-js:MPL-2.0","language":"java","package":"net.sourceforge.htmlunit:htmlunit-core-js","packageManager":"maven","semver":{"vulnerable":["[2.11,)"]},"severity":"medium","title":"MPL-2.0 license","type":"license","url":"https://snyk.io/vuln/snyk:lic:maven:net.sourceforge.htmlunit:htmlunit-core-js:MPL-2.0","version":"2.17"}],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","credit":["Unknown"],"cvssScore":4.3,"description":"## Overview\n[`com.ning:async-http-client`](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22async-http-client%22)\nAsync Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly 
set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.\n\n## References\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7397)\n- [OSS Security](http://openwall.com/lists/oss-security/2014/08/26/1)\n- [GitHub Issue](https://github.com/AsyncHttpClient/async-http-client/issues/352)\n- [GitHub Commit](https://github.com/AsyncHttpClient/async-http-client/commit/dfacb8e05d0822c7b2024c452554bd8e1d6221d8)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.databinder.dispatch:dispatch-core_2.11@0.11.2","com.ning:async-http-client@1.8.10"],"functions":[],"id":"SNYK-JAVA-COMNING-30317","identifiers":{"CVE":["CVE-2013-7397"],"CWE":["CWE-345"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"com.ning:async-http-client","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,1.9.0)"]},"severity":"medium","title":"Insufficient Verification of Data Authenticity","type":"vuln","upgradePath":["net.databinder.dispatch:dispatch-core_2.11@0.11.3","com.ning:async-http-client@1.9.11"],"url":"https://snyk.io/vuln/SNYK-JAVA-COMNING-30317","version":"1.8.10"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","credit":["Unknown"],"cvssScore":4.3,"description":"## Overview\n[`com.ning:async-http-client`](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22async-http-client%22)\nmain/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match during verification of X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.\n\n## References\n- [NVD](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7398)\n- 
[GitHub Commit](https://github.com/AsyncHttpClient/async-http-client/issues/197)\n- [GitHub Commit](https://github.com/AsyncHttpClient/async-http-client/commit/dfacb8e05d0822c7b2024c452554bd8e1d6221d8)\n- [OSS Security](http://openwall.com/lists/oss-security/2014/08/26/1)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.databinder.dispatch:dispatch-core_2.11@0.11.2","com.ning:async-http-client@1.8.10"],"functions":[],"id":"SNYK-JAVA-COMNING-30318","identifiers":{"CVE":["CVE-2013-7398"],"CWE":["CWE-345"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"com.ning:async-http-client","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,1.9.0)"]},"severity":"medium","title":"Insufficient Verification of Data Authenticity","type":"vuln","upgradePath":["net.databinder.dispatch:dispatch-core_2.11@0.11.3","com.ning:async-http-client@1.9.11"],"url":"https://snyk.io/vuln/SNYK-JAVA-COMNING-30318","version":"1.8.10"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Roman Shafigullin","Luca Carettoni","Mukul Khullar"],"cvssScore":7.5,"description":"## Overview\n\n[io.netty:netty](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22netty%22) is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients.\n\n\nAffected versions of this package are vulnerable to Information Disclosure.\nIt does not validate cookie name and value characters, allowing attackers to potentially bypass the `httpOnly` flag on sensitive cookies.\n\n## Remediation\n\nUpgrade `io.netty:netty` to version 3.9.8.Final, 3.10.3.Final or higher.\n\n\n## References\n\n- [GitHub Commit 3.10.3](https://github.com/netty/netty/commit/2caa38a2795fe1f1ae6ceda4d69e826ed7c55e55)\n\n- [GitHub Commit 3.9.8](https://github.com/netty/netty/commit/31815598a2af37f0b71ea94eada70d6659c23752)\n\n- 
[GitHub Commit 4.0.8](https://github.com/netty/netty/pull/3748/commits/4ac519f534493bb0ca7a77e1c779138a54faa7b9)\n\n- [GitHub PR 3.9.8 and 3.10.3](https://github.com/netty/netty/pull/3754)\n\n- [GitHub PR 4.0.28](https://github.com/netty/netty/pull/3748)\n\n- [Linkedin Security Blog](https://engineering.linkedin.com/security/look-netty_s-recent-security-update-cve--2015--2156)\n\n- [Release Notes 3.9.8 and 3.10.3](http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html)\n\n- [Release Notes 4.0.28](http://netty.io/news/2015/05/07/4-0-28-Final.html)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.databinder.dispatch:dispatch-core_2.11@0.11.2","com.ning:async-http-client@1.8.10","io.netty:netty@3.9.2.Final"],"functions":[{"functionId":{"className":"org.jboss.netty.handler.codec.http.CookieEncoder","functionName":"encode"},"version":["[3.10.0,3.10.2)","[3.3.0,3.9.7)"]},{"functionId":{"className":"org.jboss.netty.handler.codec.http.cookie.ServerCookieEncoder","functionName":"encode"},"version":["[3.9.7,3.9.8.Final)","[3.10.2,3.10.3.Final)"]}],"id":"SNYK-JAVA-IONETTY-30430","identifiers":{"CVE":["CVE-2015-2156"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"io.netty:netty","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[3.3.0.Final,3.9.8.Final)","[3.10.0.Final,3.10.3.Final)"]},"severity":"high","title":"Information Disclosure","type":"vuln","upgradePath":["net.databinder.dispatch:dispatch-core_2.11@0.11.4","com.ning:async-http-client@1.9.40","io.netty:netty@3.10.6.Final"],"url":"https://snyk.io/vuln/SNYK-JAVA-IONETTY-30430","version":"3.9.2.Final"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R","credit":["axeBig"],"cvssScore":6.5,"description":"## Overview\n\n[io.netty:netty](http://search.maven.org/#search%7Cga%7C1%7Ca%3A%22netty%22) is a NIO client server framework which enables 
quick and easy development of network applications such as protocol servers and clients.\n\n\nAffected versions of this package are vulnerable to HTTP Request Smuggling.\nNetty mishandles whitespace before the colon in HTTP headers such as a `Transfer-Encoding : chunked` line. This can lead to HTTP request smuggling where an attacker can bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.\n\n## Remediation\n\nThere is no fixed version for `io.netty:netty`.\n\n\n## References\n\n- [GitHub Fix Commit](https://github.com/netty/netty/commit/017a9658c97ff1a1355c31a6a1f8bd1ea6f21c8d)\n\n- [GitHub Issue](https://github.com/netty/netty/issues/9571)\n\n- [GitHub PR](https://github.com/netty/netty/pull/9585)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.databinder.dispatch:dispatch-core_2.11@0.11.2","com.ning:async-http-client@1.8.10","io.netty:netty@3.9.2.Final"],"functions":[],"id":"SNYK-JAVA-IONETTY-473694","identifiers":{"CVE":["CVE-2019-16869"],"CWE":["CWE-113"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"io.netty:netty","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[0,]"]},"severity":"medium","title":"HTTP Request Smuggling","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-IONETTY-473694","version":"3.9.2.Final"},{"CVSSv3":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:R","credit":["ICHIHARA Ryohei"],"cvssScore":5.6,"description":"## Overview\n\n[net.sourceforge.htmlunit:htmlunit](http://htmlunit.sourceforge.net) is a GUI-Less browser for Java programs\n\n\nAffected versions of this package are vulnerable to Remote Code Execution (RCE).\nIt initializes Rhino engine improperly, hence a malicious JavaScript code can execute arbitrary Java code on the application.\n\n## Remediation\n\nUpgrade 
`net.sourceforge.htmlunit:htmlunit` to version 2.37.0 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/HtmlUnit/htmlunit/commit/bc1f58d483cc8854a9c4c1739abd5e04a2eb0367)\n\n- [JvNDB](https://jvn.jp/en/jp/JVN34535327/)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20"],"functions":[],"id":"SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-548471","identifiers":{"CVE":["CVE-2020-5529"],"CWE":["CWE-284","CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":false,"language":"java","package":"net.sourceforge.htmlunit:htmlunit","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,2.37.0)"]},"severity":"medium","title":"Remote Code Execution (RCE)","type":"vuln","upgradePath":[],"url":"https://snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEHTMLUNIT-548471","version":"2.20"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["James Kettle"],"cvssScore":5.3,"description":"## Overview\n\n[org.apache.httpcomponents:httpclient](http://hc.apache.org/) is a HttpClient component of the Apache HttpComponents project.\n\n\nAffected versions of this package are vulnerable to Directory Traversal.\nString input by user is not validated for the presence of leading character `/` and is passed to the constructor as `path` information, resulting in a Directory Traversal vulnerability.\n\n## Details\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. 
By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\r\n\r\nDirectory Traversal vulnerabilities can be generally divided into two types:\r\n\r\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\r\n\r\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\r\n\r\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\r\n\r\n```\r\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\r\n```\r\n**Note** `%2e` is the URL encoded version of `.` (dot).\r\n\r\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \r\n\r\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\r\n\r\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\r\n\r\n```\r\n2018-04-15 22:04:29 .....           19           19  good.txt\r\n2018-04-15 22:04:42 .....           
20           20  ../../../../../../root/.ssh/authorized_keys\r\n```\n\n\n## Remediation\n\nUpgrade `org.apache.httpcomponents:httpclient` to version 4.5.3 or higher.\n\n\n## References\n\n- [Github Commit](https://github.com/apache/httpcomponents-client/commit/0554271750599756d4946c0d7ba43d04b1a7b220)\n\n- [Jira Issue](https://issues.apache.org/jira/browse/HTTPCLIENT-1803)\n\n- [Researcher blog post](http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.apache.httpcomponents:httpclient@4.5.2"],"functions":[{"functionId":{"className":"org.apache.http.client.utils.URIUtils","functionName":"normalizePath"},"version":["[4.1,4.1.3]"]},{"functionId":{"className":"org.apache.http.client.utils.URIBuilder","functionName":"normalizePath"},"version":["[4.2.1 ,4.5.2)"]}],"id":"SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517","identifiers":{"CVE":[],"CWE":["CWE-23"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.httpcomponents:httpclient","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,4.5.3)"]},"severity":"medium","title":"Directory Traversal","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517","version":"4.5.2"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","credit":["James Kettle"],"cvssScore":5.3,"description":"## Overview\n\n[org.apache.httpcomponents:httpclient](http://hc.apache.org/) is a HttpClient component of the Apache HttpComponents project.\n\n\nAffected versions of this package are vulnerable to Directory Traversal.\nString input by user is not validated for the presence of leading character `/` and is passed to the 
constructor as `path` information, resulting in a Directory Traversal vulnerability.\n\n## Details\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\r\n\r\nDirectory Traversal vulnerabilities can be generally divided into two types:\r\n\r\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\r\n\r\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\r\n\r\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\r\n\r\n```\r\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\r\n```\r\n**Note** `%2e` is the URL encoded version of `.` (dot).\r\n\r\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`. \r\n\r\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\r\n\r\nThe following is an example of a `zip` archive with one benign file and one malicious file. 
Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\r\n\r\n```\r\n2018-04-15 22:04:29 .....           19           19  good.txt\r\n2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys\r\n```\n\n\n## Remediation\n\nUpgrade `org.apache.httpcomponents:httpclient` to version 4.5.3 or higher.\n\n\n## References\n\n- [Github Commit](https://github.com/apache/httpcomponents-client/commit/0554271750599756d4946c0d7ba43d04b1a7b220)\n\n- [Jira Issue](https://issues.apache.org/jira/browse/HTTPCLIENT-1803)\n\n- [Researcher blog post](http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.apache.httpcomponents:httpmime@4.5.2","org.apache.httpcomponents:httpclient@4.5.2"],"functions":[{"functionId":{"className":"org.apache.http.client.utils.URIUtils","functionName":"normalizePath"},"version":["[4.1,4.1.3]"]},{"functionId":{"className":"org.apache.http.client.utils.URIBuilder","functionName":"normalizePath"},"version":["[4.2.1 ,4.5.2)"]}],"id":"SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517","identifiers":{"CVE":[],"CWE":["CWE-23"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.httpcomponents:httpclient","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[,4.5.3)"]},"severity":"medium","title":"Directory 
Traversal","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26","org.apache.httpcomponents:httpmime@4.5.3","org.apache.httpcomponents:httpclient@4.5.3"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-31517","version":"4.5.2"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F","credit":["Unknown"],"cvssScore":4.7,"description":"## Overview\n\n[org.eclipse.jetty:jetty-util](https://www.eclipse.org/jetty) is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nwhen a remote client uses a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a listing of directory contents.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. 
For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. 
An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `org.eclipse.jetty:jetty-util` to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.\n\n\n## References\n\n- [Eclipse Report](https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121)\n\n- [GitHub 
Commit](https://github.com/eclipse/jetty.project/commit/ca77bd384a2970cabbbdab25cf6251c6fb76cd21)\n","disclosureTime":"2025-08-15T13:51:54.400Z","exploitMaturity":"mature","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[],"id":"SNYK-JAVA-ORGECLIPSEJETTY-174479","identifiers":{"CVE":["CVE-2019-10241"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.400Z","semver":{"vulnerable":["[9.2.0.M0,9.2.27.v20190403)","[9.3.0.M0, 9.3.26.v20190403)","[9.4.15.v20190215, 9.4.16.v20190411)"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26","org.eclipse.jetty.websocket:websocket-client@9.4.3.v20170317","org.eclipse.jetty:jetty-util@9.4.3.v20170317"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F","credit":["Unknown"],"cvssScore":4.7,"description":"## Overview\n\n[org.eclipse.jetty:jetty-util](https://www.eclipse.org/jetty) is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nwhen a remote client uses a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a listing of directory contents.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application 
then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML)  in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nֿInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as  `&lt`; and `>` can be coded as `&gt`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. 
When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. 
\r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `org.eclipse.jetty:jetty-util` to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.\n\n\n## References\n\n- [Eclipse Report](https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121)\n\n- [GitHub Commit](https://github.com/eclipse/jetty.project/commit/ca77bd384a2970cabbbdab25cf6251c6fb76cd21)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"mature","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty:jetty-io@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[],"id":"SNYK-JAVA-ORGECLIPSEJETTY-174479","identifiers":{"CVE":["CVE-2019-10241"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[9.2.0.M0,9.2.27.v20190403)","[9.3.0.M0, 9.3.26.v20190403)","[9.4.15.v20190215, 9.4.16.v20190411)"]},"severity":"medium","title":"Cross-site Scripting 
(XSS)","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26","org.eclipse.jetty.websocket:websocket-client@9.4.3.v20170317","org.eclipse.jetty:jetty-io@9.4.3.v20170317","org.eclipse.jetty:jetty-util@9.4.3.v20170317"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F","credit":["Unknown"],"cvssScore":4.7,"description":"## Overview\n\n[org.eclipse.jetty:jetty-util](https://www.eclipse.org/jetty) is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nwhen a remote client uses a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a listing of directory contents.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. 
For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. 
An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. \r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `org.eclipse.jetty:jetty-util` to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.\n\n\n## References\n\n- [Eclipse Report](https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121)\n\n- [GitHub 
Commit](https://github.com/eclipse/jetty.project/commit/ca77bd384a2970cabbbdab25cf6251c6fb76cd21)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"mature","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty.websocket:websocket-common@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[],"id":"SNYK-JAVA-ORGECLIPSEJETTY-174479","identifiers":{"CVE":["CVE-2019-10241"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[9.2.0.M0,9.2.27.v20190403)","[9.3.0.M0, 9.3.26.v20190403)","[9.4.15.v20190215, 9.4.16.v20190411)"]},"severity":"medium","title":"Cross-site Scripting (XSS)","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26","org.eclipse.jetty.websocket:websocket-client@9.4.3.v20170317","org.eclipse.jetty.websocket:websocket-common@9.4.3.v20170317","org.eclipse.jetty:jetty-util@9.4.3.v20170317"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F","credit":["Unknown"],"cvssScore":4.7,"description":"## Overview\n\n[org.eclipse.jetty:jetty-util](https://www.eclipse.org/jetty) is a Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more.\n\n\nAffected versions of this package are vulnerable to Cross-site Scripting (XSS)\nwhen a remote client uses a specially formatted URL against the `DefaultServlet` or `ResourceHandler` that is configured for showing a listing of directory contents.\n\n## Details\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request 
as originating from a trusted source.\r\n\r\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.\r\n\r\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\r\n\r\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `&lt;` and `>` can be coded as `&gt;` in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.\r\n \r\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware. \r\n\r\n### Types of attacks\r\nThere are a few methods by which XSS can be manipulated:\r\n\r\n|Type|Origin|Description|\r\n|--|--|--|\r\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. 
The code is activated every time a user clicks the link.|\r\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.| \r\n|**DOM-based**|Client|The attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\r\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\r\n\r\n### Affected environments\r\nThe following environments are susceptible to an XSS attack:\r\n\r\n* Web servers\r\n* Application servers\r\n* Web application environments\r\n\r\n### How to prevent\r\nThis section describes the top best practices designed to specifically protect your code: \r\n\r\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches. \r\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents. 
\r\n* Give users the option to disable client-side scripts.\r\n* Redirect invalid requests.\r\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\r\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\r\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.\n\n## Remediation\n\nUpgrade `org.eclipse.jetty:jetty-util` to version 9.2.27.v20190403, 9.3.26.v20190403, 9.4.16.v20190411 or higher.\n\n\n## References\n\n- [Eclipse Report](https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121)\n\n- [GitHub Commit](https://github.com/eclipse/jetty.project/commit/ca77bd384a2970cabbbdab25cf6251c6fb76cd21)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"mature","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty.websocket:websocket-common@9.2.15.v20160210","org.eclipse.jetty:jetty-io@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[],"id":"SNYK-JAVA-ORGECLIPSEJETTY-174479","identifiers":{"CVE":["CVE-2019-10241"],"CWE":["CWE-79"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[9.2.0.M0,9.2.27.v20190403)","[9.3.0.M0, 9.3.26.v20190403)","[9.4.15.v20190215, 9.4.16.v20190411)"]},"severity":"medium","title":"Cross-site Scripting 
(XSS)","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.2.1","net.sourceforge.htmlunit:htmlunit@2.26","org.eclipse.jetty.websocket:websocket-client@9.4.3.v20170317","org.eclipse.jetty.websocket:websocket-common@9.4.3.v20170317","org.eclipse.jetty:jetty-io@9.4.3.v20170317","org.eclipse.jetty:jetty-util@9.4.3.v20170317"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-174479","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\r\n[org.eclipse.jetty:jetty-util](https://github.com/eclipse/jetty.project)  is a lightweight highly scalable java based web server and servlet engine.\r\n\r\nAffected versions of this package are vulnerable to Timing Attacks. A flaw in the `util/security/Password.java` class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\r\n\r\n## Remediation\r\nUpgrade `org.eclipse.jetty:jetty-util` to versions 9.2.22, 9.3.20, 9.4.6 or higher.\r\n\r\n## References\r\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-9735)\r\n- [GitHub Issue](https://github.com/eclipse/jetty.project/issues/1556)","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[{"functionId":{"className":"org.eclipse.jetty.util.security.Credential","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]},{"functionId":{"className":"org.eclipse.jetty.util.security.Password","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 
9.4.6.v20170531)"]}],"id":"SNYK-JAVA-ORGECLIPSEJETTY-32151","identifiers":{"CVE":["CVE-2017-9735"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,9.2.22.v20170606)","[9.3.0.M0, 9.3.20.v20170531)","[9.4.0.M0, 9.4.6.v20170531)"]},"severity":"high","title":"Timing Attack","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@2.1.0","net.sourceforge.htmlunit:htmlunit@2.29","org.eclipse.jetty.websocket:websocket-client@9.4.8.v20171121","org.eclipse.jetty:jetty-util@9.4.8.v20171121"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\r\n[org.eclipse.jetty:jetty-util](https://github.com/eclipse/jetty.project)  is a lightweight highly scalable java based web server and servlet engine.\r\n\r\nAffected versions of this package are vulnerable to Timing Attacks. 
A flaw in the `util/security/Password.java` class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\r\n\r\n## Remediation\r\nUpgrade `org.eclipse.jetty:jetty-util` to versions 9.2.22, 9.3.20, 9.4.6 or higher.\r\n\r\n## References\r\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-9735)\r\n- [GitHub Issue](https://github.com/eclipse/jetty.project/issues/1556)","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty:jetty-io@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[{"functionId":{"className":"org.eclipse.jetty.util.security.Credential","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]},{"functionId":{"className":"org.eclipse.jetty.util.security.Password","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]}],"id":"SNYK-JAVA-ORGECLIPSEJETTY-32151","identifiers":{"CVE":["CVE-2017-9735"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,9.2.22.v20170606)","[9.3.0.M0, 9.3.20.v20170531)","[9.4.0.M0, 9.4.6.v20170531)"]},"severity":"high","title":"Timing 
Attack","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@2.1.0","net.sourceforge.htmlunit:htmlunit@2.29","org.eclipse.jetty.websocket:websocket-client@9.4.8.v20171121","org.eclipse.jetty:jetty-io@9.4.8.v20171121","org.eclipse.jetty:jetty-util@9.4.8.v20171121"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\r\n[org.eclipse.jetty:jetty-util](https://github.com/eclipse/jetty.project)  is a lightweight highly scalable java based web server and servlet engine.\r\n\r\nAffected versions of this package are vulnerable to Timing Attacks. A flaw in the `util/security/Password.java` class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\r\n\r\n## Remediation\r\nUpgrade `org.eclipse.jetty:jetty-util` to versions 9.2.22, 9.3.20, 9.4.6 or higher.\r\n\r\n## References\r\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-9735)\r\n- [GitHub Issue](https://github.com/eclipse/jetty.project/issues/1556)","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty.websocket:websocket-common@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[{"functionId":{"className":"org.eclipse.jetty.util.security.Credential","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]},{"functionId":{"className":"org.eclipse.jetty.util.security.Password","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 
9.4.6.v20170531)"]}],"id":"SNYK-JAVA-ORGECLIPSEJETTY-32151","identifiers":{"CVE":["CVE-2017-9735"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,9.2.22.v20170606)","[9.3.0.M0, 9.3.20.v20170531)","[9.4.0.M0, 9.4.6.v20170531)"]},"severity":"high","title":"Timing Attack","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@2.1.0","net.sourceforge.htmlunit:htmlunit@2.29","org.eclipse.jetty.websocket:websocket-client@9.4.8.v20171121","org.eclipse.jetty.websocket:websocket-common@9.4.8.v20171121","org.eclipse.jetty:jetty-util@9.4.8.v20171121"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","credit":["Unknown"],"cvssScore":7.5,"description":"## Overview\r\n[org.eclipse.jetty:jetty-util](https://github.com/eclipse/jetty.project)  is a lightweight highly scalable java based web server and servlet engine.\r\n\r\nAffected versions of this package are vulnerable to Timing Attacks. 
A flaw in the `util/security/Password.java` class makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.\r\n\r\n## Remediation\r\nUpgrade `org.eclipse.jetty:jetty-util` to versions 9.2.22, 9.3.20, 9.4.6 or higher.\r\n\r\n## References\r\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-9735)\r\n- [GitHub Issue](https://github.com/eclipse/jetty.project/issues/1556)","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","net.sourceforge.htmlunit:htmlunit@2.20","org.eclipse.jetty.websocket:websocket-client@9.2.15.v20160210","org.eclipse.jetty.websocket:websocket-common@9.2.15.v20160210","org.eclipse.jetty:jetty-io@9.2.15.v20160210","org.eclipse.jetty:jetty-util@9.2.15.v20160210"],"functions":[{"functionId":{"className":"org.eclipse.jetty.util.security.Credential","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]},{"functionId":{"className":"org.eclipse.jetty.util.security.Password","functionName":"check"},"version":["(8.0.4.v20111024 ,9.2.22.v20170606)","[9.3.0, 9.3.20.v20170531)","[9.4.0, 9.4.6.v20170531)"]}],"id":"SNYK-JAVA-ORGECLIPSEJETTY-32151","identifiers":{"CVE":["CVE-2017-9735"],"CWE":["CWE-200"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.eclipse.jetty:jetty-util","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,9.2.22.v20170606)","[9.3.0.M0, 9.3.20.v20170531)","[9.4.0.M0, 9.4.6.v20170531)"]},"severity":"high","title":"Timing 
Attack","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@2.1.0","net.sourceforge.htmlunit:htmlunit@2.29","org.eclipse.jetty.websocket:websocket-client@9.4.8.v20171121","org.eclipse.jetty.websocket:websocket-common@9.4.8.v20171121","org.eclipse.jetty:jetty-io@9.4.8.v20171121","org.eclipse.jetty:jetty-util@9.4.8.v20171121"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-32151","version":"9.2.15.v20160210"},{"CVSSv3":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","credit":["Unknown"],"cvssScore":7.8,"description":"## Overview\nAffected versions of [`org.scala-lang:scala-compiler`](https://scala-lang.org) are vulnerable to Arbitrary Code Execution.\n\nThe compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.\n\n## Remediation\nUpgrade `org.scala-lang:scala-compiler` to version 2.12.4 or higher.\n\n## References\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2017-15288)\n- [GitHub PR #1](https://github.com/scala/scala/pull/6108)\n- [GitHub PR #2](https://github.com/scala/scala/pull/6120)\n- [GitHub PR #3](https://github.com/scala/scala/pull/6128)\n- [GitHub Commit #1](https://github.com/scala/scala/commit/f3419fc358a8ea6e366538126279da88d4d1fb1f)\n- [GitHub Commit #2](https://github.com/scala/scala/commit/67fcf5ce4496000574676d81ed72e4a6cb9e7757)\n- [GitHub Commit 
#3](https://github.com/scala/scala/commit/0f624c5e5bdb39967e208c7c16067c3e6c903f1f)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["net.ruippeixotog:scala-scraper_2.11@1.0.0","org.scala-lang:scala-compiler@2.11.8"],"functions":[],"id":"SNYK-JAVA-ORGSCALALANG-31592","identifiers":{"CVE":["CVE-2017-15288"],"CWE":["CWE-94"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.scala-lang:scala-compiler","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,2.10.7),[2.11,2.11.12),[2.12,2.12.4)"]},"severity":"high","title":"Arbitrary Code Execution","type":"vuln","upgradePath":["net.ruippeixotog:scala-scraper_2.11@1.1.0"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-31592","version":"2.11.8"}]},"licensesPolicy":null,"ok":false,"org":{"id":"4a18d42f-0706-4ad0-b127-24078731fbed","name":"atokeneduser"},"packageManager":"sbt"}}}}},"description":"OK","headers":{}}},"summary":"Test sbt file","tags":["Test"]}},"/test/sbt/{groupId}/{artifactId}/{version}":{"get":{"description":"You can test `sbt` packages for issues according to their group ID, artifact ID and version. This is done via the maven endpoint (for Java), since the packages are hosted on maven central or a compatible repository. See \"Maven\" above for details.","parameters":[{"description":"The package's group ID.","example":"org.apache.flex.blazeds","in":"path","name":"groupId","required":true,"schema":{"type":"string"}},{"description":"The package's artifact ID.","example":"blazeds","in":"path","name":"artifactId","required":true,"schema":{"type":"string"}},{"description":"The package version to test.","example":"4.7.2","in":"path","name":"version","required":true,"schema":{"type":"string"}},{"description":"The organization to test the package with. 
See \"The Snyk organization for a request\" above.","example":"9695cbb1-3a87-4d6f-8ae1-61a1c37ee9f7","in":"query","name":"org","required":false,"schema":{"type":"string"}},{"description":"The repository hosting this package. The default value is Maven Central. More than one value is supported, in order.","example":"https://repo1.maven.org/maven2","in":"query","name":"repository","required":false,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":1,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","credit":["Markus Wulftange"],"cvssScore":9.8,"description":"## Overview\n\n[org.apache.flex.blazeds:blazeds](https://github.com/apache/flex-blazeds) is an application development framework for easily building Flash-based applications for mobile devices, web browsers, and desktops.\n\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution.\nThe AMF deserialization implementation of Flex BlazeDS is vulnerable to Deserialization of Untrusted Data. By sending a specially crafted AMF message, it is possible to make the server establish a connection to an endpoint specified in the message and request an RMI remote object from that endpoint. This can result in the execution of arbitrary code on the server via Java deserialization.\r\n\r\nStarting with BlazeDS version `4.7.3`, Deserialization of XML is disabled completely per default, while the `ClassDeserializationValidator` allows deserialization of whitelisted classes only. 
BlazeDS internally comes with the following whitelist:\r\n```\r\nflex.messaging.io.amf.ASObject\r\nflex.messaging.io.amf.SerializedObject\r\nflex.messaging.io.ArrayCollection\r\nflex.messaging.io.ArrayList\r\nflex.messaging.messages.AcknowledgeMessage\r\nflex.messaging.messages.AcknowledgeMessageExt\r\nflex.messaging.messages.AsyncMessage\r\nflex.messaging.messages.AsyncMessageExt\r\nflex.messaging.messages.CommandMessage\r\nflex.messaging.messages.CommandMessageExt\r\nflex.messaging.messages.ErrorMessage\r\nflex.messaging.messages.HTTPMessage\r\nflex.messaging.messages.RemotingMessage\r\nflex.messaging.messages.SOAPMessage\r\njava.lang.Boolean\r\njava.lang.Byte\r\njava.lang.Character\r\njava.lang.Double\r\njava.lang.Float\r\njava.lang.Integer\r\njava.lang.Long\r\njava.lang.Object\r\njava.lang.Short\r\njava.lang.String\r\njava.util.ArrayList\r\njava.util.Date\r\njava.util.HashMap\r\norg.w3c.dom.Document\r\n```\n\n## Remediation\n\nUpgrade `org.apache.flex.blazeds:blazeds` to version 4.7.3 or higher.\n\n\n## References\n\n- [CVE-2017-3066](https://nvd.nist.gov/vuln/detail/CVE-2017-5641)\n\n- [Github Commit](https://github.com/apache/flex-blazeds/commit/f861f0993c35e664906609cad275e45a71e2aaf1)\n\n- [Github Release Notes](https://github.com/apache/flex-blazeds/blob/master/RELEASE_NOTES)\n\n- [Securitytracker Issue](http://www.securitytracker.com/id/1038364)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["org.apache.flex.blazeds:blazeds@4.7.2"],"functions":[],"id":"SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","identifiers":{"CVE":["CVE-2017-5641"],"CWE":["CWE-502"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"java","package":"org.apache.flex.blazeds:blazeds","packageManager":"maven","patches":[],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["[,4.7.3)"]},"severity":"critical","title":"Arbitrary Code 
Execution","type":"vuln","upgradePath":["org.apache.flex.blazeds:blazeds@4.7.3"],"url":"https://snyk.io/vuln/SNYK-JAVA-ORGAPACHEFLEXBLAZEDS-31455","version":"4.7.2"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"maven"}}}}},"description":"OK","headers":{}}},"summary":"Test for issues in a public package by group id, artifact id and version","tags":["Test"]}},"/test/yarn":{"post":{"description":"You can test your yarn packages for issues according to their manifest file & lockfile using this action. It takes a JSON object containing a \"target\" `package.json` and a `yarn.lock`.","operationId":"Test package.json & yarn.lock File","requestBody":{"content":{"application/json":{"schema":{"example":{"encoding":"plain","files":{"additional":[{"contents":"# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.\\r\\n# yarn lockfile v1\\r\\n\\r\\n\\r\\nnode-uuid@1.4.0:\\r\\n  version \\\"1.4.0\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/node-uuid\\/-\\/node-uuid-1.4.0.tgz#07f9b2337572ff6275c775e1d48513f3a45d7a65\\\"\\r\\n  integrity sha1-B\\/myM3Vy\\/2J1x3Xh1IUT86RdemU=\\r\\n\\r\\nqs@0.0.6:\\r\\n  version \\\"0.0.6\\\"\\r\\n  resolved \\\"https:\\/\\/registry.yarnpkg.com\\/qs\\/-\\/qs-0.0.6.tgz#481659b7e5bf6a5ea898010de5aed35eb469e124\\\"\\r\\n  integrity sha1-SBZZt+W\\/al6omAEN5a7TXrRp4SQ=\\r\\n"}],"target":{"contents":"{ \"name\": \"shallow-goof\", \"version\": \"0.0.1\", \"description\": \"A vulnerable demo application\", \"homepage\": \"https://snyk.io/\", \"repository\": { \"type\": \"git\", \"url\": \"https://github.com/Snyk/shallow-goof\" }, \"dependencies\": { \"node-uuid\": \"1.4.0\", \"qs\": \"0.0.6\" } }"}}},"properties":{"encoding":{"default":"plain","description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile can be sent 
(if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `package.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `package.json` as a string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"dependencyCount":2,"issues":{"licenses":[],"vulnerabilities":[{"CVSSv3":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","credit":["Fedot Praslov"],"cvssScore":4.2,"description":"## Overview\n[`node-uuid`](https://github.com/kelektiv/node-uuid) is a Simple, fast generation of RFC4122 UUIDS.\n\nAffected versions of this package are vulnerable to Insecure Randomness. It uses the cryptographically insecure `Math.random` which can produce predictable values and should not be used in security-sensitive context.\n\n## Remediation\nUpgrade `node-uuid` to version 1.4.4 or greater.\n\n## References\n- [GitHub Issue](https://github.com/broofa/node-uuid/issues/108)\n- [GitHub Issue 2](https://github.com/broofa/node-uuid/issues/122)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["node-uuid@1.4.0"],"functions":[],"id":"npm:node-uuid:20160328","identifiers":{"ALTERNATIVE":["SNYK-JS-NODEUUID-10089"],"CVE":[],"CWE":["CWE-330"],"NSP":[93]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"node-uuid","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:node-uuid:20160328:0","modificationTime":"2025-08-15T13:51:54.401Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/node-uuid/20160328/node-uuid_20160328_0_0_616ad3800f35cf58089215f420db9654801a5a02.patch"],"version":"<=1.4.3 
>=1.4.2"}],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["<1.4.4"]},"severity":"medium","title":"Insecure Randomness","type":"vuln","upgradePath":["node-uuid@1.4.6"],"url":"https://snyk.io/vuln/npm:node-uuid:20160328","version":"1.4.0"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Dustin Shiver"],"cvssScore":7.5,"description":"## Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Denial of Service (Memory Exhaustion).\nDuring parsing, the `qs` module may create a sparse area (an array where no elements are filled), and grow that array to the necessary size based on the indices used on it. An attacker can specify a high index value in a query string, thus making the server allocate a respectively big array. Truly large values can cause the server to run out of memory and cause it to crash - thus enabling a Denial-of-Service attack.\n\n## Remediation\n\nUpgrade `qs` to version 1.0.0 or higher.\n\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption - An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For example, [npm `ws` package](npm:ws:20171108)\n\n## References\n\n- [GitHub Commit](https://github.com/tj/node-querystring/pull/114/commits/43a604b7847e56bba49d0ce3e222fe89569354d8)\n\n- [GitHub Issue](https://github.com/visionmedia/node-querystring/issues/104)\n\n- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2014-7191)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[{"functionId":{"filePath":"index.js","functionName":"compact"},"version":["<1.0.0"]}],"id":"npm:qs:20140806","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10019"],"CVE":["CVE-2014-7191"],"CWE":["CWE-400"],"NSP":[29]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20140806:0","modificationTime":"2025-08-15T13:51:54.401Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_0_43a604b7847e56bba49d0ce3e222fe89569354d8_snyk.patch"],"version":"<1.0.0 
>=0.6.5"},{"comments":[],"id":"patch:npm:qs:20140806:1","modificationTime":"2025-08-15T13:51:54.401Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806/qs_20140806_0_1_snyk_npm.patch"],"version":"=0.5.6"}],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["<1.0.0"]},"severity":"high","title":"Denial of Service (Memory Exhaustion)","type":"vuln","upgradePath":["qs@1.0.0"],"url":"https://snyk.io/vuln/npm:qs:20140806","version":"0.0.6"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","credit":["Tom Steele"],"cvssScore":6.5,"description":"## Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Denial of Service (Event Loop Blocking).\nWhen parsing a string representing a deeply nested object, qs will block the event loop for long periods of time. Such a delay may hold up the server's resources, keeping it from processing other requests in the meantime, thus enabling a Denial-of-Service attack.\n\n## Details\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\r\n\r\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. 
Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\r\n\r\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\r\n\r\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\r\n\r\nTwo common types of DoS vulnerabilities:\r\n\r\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\r\n\r\n* Crash - An attacker sending crafted requests that could cause the system to crash. For Example,  [npm `ws` package](npm:ws:20171108)\n\n## Remediation\n\nUpgrade `qs` to version 1.0.0 or higher.\n\n\n## References\n\n- [Node Security Advisory](https://nodesecurity.io/advisories/28)\n","disclosureTime":"2025-08-15T13:51:54.401Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[],"id":"npm:qs:20140806-1","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10020"],"CVE":["CVE-2014-10064"],"CWE":["CWE-400"],"NSP":[28]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20140806-1:1","modificationTime":"2025-08-15T13:51:54.401Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_1_snyk.patch"],"version":"=0.5.6"},{"comments":[],"id":"patch:npm:qs:20140806-1:0","modificationTime":"2025-08-15T13:51:54.401Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20140806-1/qs_20140806-1_0_0_snyk.patch"],"version":"<1.0.0 
>=0.6.5"}],"publicationTime":"2025-08-15T13:51:54.401Z","semver":{"vulnerable":["<1.0.0"]},"severity":"medium","title":"Denial of Service (Event Loop Blocking)","type":"vuln","upgradePath":["qs@1.0.0"],"url":"https://snyk.io/vuln/npm:qs:20140806-1","version":"0.0.6"},{"CVSSv3":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","credit":["Snyk Security Research Team"],"cvssScore":7.5,"description":"## Overview\n\n[qs](https://www.npmjs.com/package/qs) is a querystring parser that supports nesting and arrays, with a depth limit.\n\n\nAffected versions of this package are vulnerable to Prototype Override Protection Bypass.\nBy default `qs` protects against attacks that attempt to overwrite an object's existing prototype properties, such as `toString()`, `hasOwnProperty()`,etc.\r\n\r\nFrom [`qs` documentation](https://github.com/ljharb/qs):\r\n> By default parameters that would overwrite properties on the object prototype are ignored, if you wish to keep the data from those fields either use plainObjects as mentioned above, or set allowPrototypes to true which will allow user input to overwrite those properties. WARNING It is generally a bad idea to enable this option as it can cause problems when attempting to use the properties that have been overwritten. Always be careful with this option.\r\n\r\nOverwriting these properties can impact application logic, potentially allowing attackers to work around security controls, modify data, make the application unstable and more.\r\n\r\nIn versions of the package affected by this vulnerability, it is possible to circumvent this protection and overwrite prototype properties and functions by prefixing the name of the parameter with `[` or `]`. e.g. 
`qs.parse(\"]=toString\")` will return `{toString = true}`, as a result, calling `toString()` on the object will throw an exception.\r\n\r\n**Example:**\r\n```js\r\nqs.parse('toString=foo', { allowPrototypes: false })\r\n// {}\r\n\r\nqs.parse(\"]=toString\", { allowPrototypes: false })\r\n// {toString = true} <== prototype overwritten\r\n```\r\n\r\nFor more information, you can check out our [blog](https://snyk.io/blog/high-severity-vulnerability-qs/).\r\n\r\n## Disclosure Timeline\r\n- February 13th, 2017 - Reported the issue to package owner.\r\n- February 13th, 2017 - Issue acknowledged by package owner.\r\n- February 16th, 2017 - Partial fix released in versions `6.0.3`, `6.1.1`, `6.2.2`, `6.3.1`.\r\n- March 6th, 2017     - Final fix released in versions `6.4.0`,`6.3.2`, `6.2.3`, `6.1.2` and `6.0.4`\n\n## Remediation\n\nUpgrade `qs` to version 6.0.4, 6.1.2, 6.2.3, 6.3.2 or higher.\n\n\n## References\n\n- [GitHub Commit](https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d)\n\n- [Report of an insufficient fix](https://github.com/ljharb/qs/issues/200)\n","disclosureTime":"2025-08-15T13:51:54.402Z","exploitMaturity":"no-known-exploit","from":["qs@0.0.6"],"functions":[{"functionId":{"filePath":"lib/parse.js","functionName":"internals.parseObject"},"version":["<6.0.4"]},{"functionId":{"filePath":"lib/parse.js","functionName":"parseObject"},"version":[">=6.2.0 <6.2.3","6.3.0"]},{"functionId":{"filePath":"lib/parse.js","functionName":"parseObjectRecursive"},"version":[">=6.3.1 
<6.3.2"]}],"id":"npm:qs:20170213","identifiers":{"ALTERNATIVE":["SNYK-JS-QS-10407"],"CVE":["CVE-2017-1000048"],"CWE":["CWE-20"]},"isPatchable":false,"isPinnable":false,"isUpgradable":true,"language":"js","package":"qs","packageManager":"npm","patches":[{"comments":[],"id":"patch:npm:qs:20170213:7","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/603_604.patch"],"version":"=6.0.3"},{"comments":[],"id":"patch:npm:qs:20170213:6","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/602_604.patch"],"version":"=6.0.2"},{"comments":[],"id":"patch:npm:qs:20170213:5","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/611_612.patch"],"version":"=6.1.1"},{"comments":[],"id":"patch:npm:qs:20170213:4","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/610_612.patch"],"version":"=6.1.0"},{"comments":[],"id":"patch:npm:qs:20170213:3","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/622_623.patch"],"version":"=6.2.2"},{"comments":[],"id":"patch:npm:qs:20170213:2","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/621_623.patch"],"version":"=6.2.1"},{"comments":[],"id":"patch:npm:qs:20170213:1","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/631_632.patch"],"version":"=6.3.1"},{"comments":[],"id":"patch:npm:qs:20170213:0","modificationTime":"2025-08-15T13:51:54.402Z","urls":["https://snyk-patches.s3.amazonaws.com/npm/qs/20170213/630_632.patch"],"version":"=6.3.0"}],"publicationTime":"2025-08-15T13:51:54.402Z","semver":{"vulnerable":["<6.0.4",">=6.1.0 <6.1.2",">=6.2.0 <6.2.3",">=6.3.0 <6.3.2"]},"severity":"high","title":"Prototype Override Protection 
Bypass","type":"vuln","upgradePath":["qs@6.0.4"],"url":"https://snyk.io/vuln/npm:qs:20170213","version":"0.0.6"}]},"licensesPolicy":null,"ok":false,"org":{"id":"689ce7f9-7943-4a71-b704-2ba575f01089","name":"atokeneduser"},"packageManager":"yarn"}}}}},"description":"OK","headers":{}}},"summary":"Test package.json & yarn.lock File","tags":["Test"]}},"/user/me":{"get":{"description":"","operationId":"Get My Details","responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"email":"","id":"","orgs":[],"username":""}}},"schema":{"properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The id of the user.","type":"string"},"orgs":{"description":"The organizations that the user belongs to."},"username":{"description":"The username of the user.","type":"string"}},"type":"object"}}},"description":"OK","headers":{}},"401":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{}}}}},"description":"`API_KEY` is invalid.","headers":{}}},"summary":"Get My Details","tags":["Users"]}},"/user/me/notification-settings/org/{orgId}":{"get":{"description":"","operationId":"Get organization notification settings","parameters":[{"description":"The organization ID. 
The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"new-issues-remediations":{"enabled":true,"inherited":false,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true,"inherited":false},"test-limit":{"enabled":true,"inherited":false},"weekly-report":{"enabled":true,"inherited":false}}}},"schema":{"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be 
sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Get organization notification settings","tags":["Users"]},"put":{"description":"","operationId":"Modify organization notification settings","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}}],"requestBody":{"$ref":"#/components/requestBodies/Modify_organization_notification_settingsBody"},"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"new-issues-remediations":{"enabled":true,"inherited":false,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true,"inherited":false},"test-limit":{"enabled":true,"inherited":false},"weekly-report":{"enabled":true,"inherited":false}}}},"schema":{"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a 
parent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Modify organization notification settings","tags":["Users"]}},"/user/me/notification-settings/org/{orgId}/project/{projectId}":{"get":{"description":"","operationId":"Get project notification settings","parameters":[{"description":"The organization ID. The `API_KEY` must have access to this organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"The project ID to return notification settings for.","example":"6d5813be-7e6d-4ab8-80c2-1e3e2a454545","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"new-issues-remediations":{"enabled":true,"inherited":false,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true,"inherited":false},"test-limit":{"enabled":true,"inherited":false},"weekly-report":{"enabled":true,"inherited":false}}}},"schema":{"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a 
parent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}},"description":"OK","headers":{}}},"summary":"Get project notification settings","tags":["Users"]},"put":{"description":"","operationId":"Modify project notification settings","parameters":[{"description":"Automatically added","in":"path","name":"orgId","required":true,"schema":{"type":"string"}},{"description":"Automatically 
added","in":"path","name":"projectId","required":true,"schema":{"type":"string"}}],"requestBody":{"content":{"application/json":{"schema":{"example":{"new-issues-remediations":{"enabled":true,"issueSeverity":"high","issueType":"vuln"}},"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"}},"type":"object"}}}},"responses":{"200":{"description":"OK","headers":{}}},"summary":"Modify project notification settings","tags":["Users"]}},"/user/{userId}":{"get":{"description":"","operationId":"Get User Details","parameters":[{"description":"The user's ID. 
The `API_KEY` must have admin access to at least one group or organization where the requested user is a member and must have the `api` entitlement on their preferred organization.","example":"4a18d42f-0706-4ad0-b127-24078731fbed","in":"path","name":"userId","required":true,"schema":{"type":"string"}}],"responses":{"200":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{"email":"","id":"","name":"","username":""}}},"schema":{"properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The id of the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"}}},"description":"OK","headers":{}},"400":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{}}}}},"description":"The provided `id` is not in a valid format.","headers":{}},"401":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{}}}}},"description":"`API_KEY` is invalid.","headers":{}},"404":{"content":{"application/json; charset=utf-8":{"examples":{"response":{"value":{}}}}},"description":"The requested user could not be found or caller does not have sufficient permissions.","headers":{}}},"summary":"Get User Details","tags":["Users"]}}},"components":{"requestBodies":{"Add_a_tag_to_a_projectBody":{"content":{"application/json":{"schema":{"example":{"key":"example-tag-key","value":"example-tag-value"},"properties":{"key":{"description":"Alphanumeric including - and _ with a limit of 30 characters","type":"string"},"value":{"description":"Alphanumeric including - and _ with a limit of 50 
characters","type":"string"}},"type":"object"}}}},"Get_latest_issue_countsBody":{"content":{"application/json":{"schema":{"example":{"filters":{"fixable":false,"ignored":false,"isPatchable":false,"isPinnable":false,"isUpgradable":false,"languages":["node","javascript","ruby","java","scala","python","golang","php","dotnet","swift-objective-c","elixir","docker","linux","dockerfile","terraform","kubernetes","helm","cloudformation"],"orgs":[],"patched":false,"priorityScore":{"max":1000,"min":0},"projects":[],"severity":["critical","high","medium","low"],"types":["vuln","license","configuration"]}},"properties":{"filters":{"properties":{"fixable":{"description":"If set to `true`, only include issues which are fixable, if set to `false`, only include issues which are not fixable. An issue is fixable if it is either upgradable, patchable or pinnable. Also see isUpgradable, isPatchable and isPinnable filters.","type":"boolean"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"isPatchable":{"description":"If set to `true`, only include issues which are patchable, if set to `false`, only include issues which are not patchable","type":"boolean"},"isPinnable":{"description":"If set to `true`, only include issues which are pinnable, if set to `false`, only include issues which are not pinnable","type":"boolean"},"isUpgradable":{"description":"If set to `true`, only include issues which are upgradable, if set to `false`, only include issues which are not upgradable","type":"boolean"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched","type":"boolean"},"priorityScore":{"description":"The priority score 
ranging between 0-1000","properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000"},"severity":{"description":"The severity levels of issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"}}}},"Get_latest_project_countsBody":{"content":{"application/json":{"schema":{"example":{"filters":{"languages":["node","javascript","ruby","java","scala","python","golang","php","dotnet","swift-objective-c","elixir","docker","linux","dockerfile","terraform","kubernetes","helm","cloudformation"],"orgs":[],"projects":[]}},"properties":{"filters":{"properties":{"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by"},"projects":{"description":"The list of project IDs to filter the results by, max projects allowed is 1000"}},"required":["orgs"],"type":"object"}},"type":"object"}}}},"Get_list_of_latest_issuesBody":{"content":{"application/json":{"schema":{"example":{"filters":{"exploitMaturity":["mature","proof-of-concept","no-known-exploit","no-data"],"fixable":false,"identifier":"","ignored":false,"isFixed":false,"isPatchable":false,"isPinnable":false,"isUpgradable":false,"issues":[],"languages":["node","javascript","ruby","java","scala","python","golang","php","dotnet","swift-objective-c","elixir","docker","linux","dockerfile","terraform","kubernetes","helm","cloudformation","arm"],"orgs":[],"patched":false,"priorityScore":{"max":1000,"min":0},"projects":[],"severity":["critical","high","medium","low"],"types":["vuln","license","configuration"]}},"properties":{"filters":{"properties":{"exploitMaturity":{"description":"The exploit maturity levels of issues to filter the results 
by","items":{},"type":"array"},"fixable":{"description":"If set to `true`, only include issues which are fixable, if set to `false`, only include issues which are not fixable. An issue is fixable if it is either upgradable, patchable or pinnable. Also see isUpgradable, isPatchable and isPinnable filters.","type":"boolean"},"identifier":{"description":"Search term to filter issue name by, or an exact CVE or CWE","type":"string"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"isFixed":{"description":"If set to `true`, only include issues which are fixed, if set to `false`, only include issues which are not fixed","type":"boolean"},"isPatchable":{"description":"If set to `true`, only include issues which are patchable, if set to `false`, only include issues which are not patchable","type":"boolean"},"isPinnable":{"description":"If set to `true`, only include issues which are pinnable, if set to `false`, only include issues which are not pinnable","type":"boolean"},"isUpgradable":{"description":"If set to `true`, only include issues which are upgradable, if set to `false`, only include issues which are not upgradable","type":"boolean"},"issues":{"description":"The list of issue IDs to filter issues by"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched","type":"boolean"},"priorityScore":{"description":"The priority score ranging between 0-1000","properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000"},"severity":{"description":"The severity levels of issues to filter 
the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"}}}},"List_all_Aggregated_issuesBody":{"content":{"application/json":{"schema":{"example":{"includeDescription":false,"includeIntroducedThrough":false},"properties":{"filters":{"properties":{"exploitMaturity":{"description":"The exploit maturity levels of issues to filter the results by (Non-IaC projects only)","items":{},"type":"array"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched (Non-IaC projects only)","type":"boolean"},"priority":{"description":"The priority to filter the issues by (Non-IaC projects only)","properties":{"score":{"description":"Include issues where the priority score is between min and max","properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"}},"type":"object"},"severities":{"description":"The severity levels of issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by (Non-IaC projects only)","items":{},"type":"array"}},"type":"object"},"includeDescription":{"description":"If set to `true`, Include issue's description, if set to `false` (by default), it won't (Non-IaC projects only)","type":"boolean"},"includeIntroducedThrough":{"description":"If set to `true`, Include issue's introducedThrough, if set to `false` (by default), it won't. 
It's for container only projects (Non-IaC projects only)","type":"boolean"}},"type":"object"}}}},"Modify_organization_notification_settingsBody":{"content":{"application/json":{"schema":{"example":{"new-issues-remediations":{"enabled":true,"issueSeverity":"high","issueType":"vuln"},"project-imported":{"enabled":true},"test-limit":{"enabled":true},"weekly-report":{"enabled":true}},"properties":{"new-issues-remediations":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"project-imported":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"}},"required":["enabled"],"type":"object"},"test-limit":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"}},"required":["enabled"],"type":"object"},"weekly-report":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"}}}}},"schemas":{"A_specific_entitlement_by_organization":{},"Activate_an_individual_project":{},"Add_member_body":{"properties":{"role":{"description":"The role of the user, \"admin\" or \"collaborator\".","type":"string"},"userId":{"description":"The id of the user.","type":"string"}},"type":"object"},"Aggregated_Project_Snapshot_Issues":{},"Aggregated_Project_issues":{},"Aggregated_project_issues":{"properties":{"issues":{"description":"An array of identified 
issues","items":{"properties":{"fixInfo":{"description":"Information about fix/upgrade/pinnable options for the issue (Non-IaC projects only)","properties":{"fixedIn":{"description":"The set of versions in which this issue has been fixed. If the issue spanned multiple versions (i.e. `1.x` and `2.x`) then there will be multiple `fixedIn` entries","items":{},"type":"array"},"isFixable":{"description":"Whether all of the issue's paths are fixable. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPartiallyFixable":{"description":"Whether any of the issue's paths can be fixed. Paths that are already patched are not considered fixable unless they have an alternative remediation (e.g. pinning or upgrading). An upgrade path where the only changes are in transitive dependencies is only considered fixable if the package manager supports it.","type":"boolean"},"isPatchable":{"description":"Whether all of the issue's paths are patchable","type":"boolean"},"isPinnable":{"description":"Whether the issue can be fixed by pinning a transitive","type":"boolean"},"isUpgradable":{"description":"Whether all of the issue's paths are upgradable","type":"boolean"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. 
This is populated for container projects only.","type":"string"}},"type":"object"},"id":{"description":"The identifier of the issue","type":"string"},"ignoreReasons":{"description":"The list of reasons why the issue was ignored","items":{},"type":"array"},"introducedThrough":{"description":"The list of what introduced the issue (it is available only for container project with Dockerfile)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (Non-IaC projects only)","type":"boolean"},"issueData":{"description":"The details of the issue","properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (Non-IaC projects only)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue (Non-IaC projects only)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (Non-IaC projects only)","type":"number"},"description":{"type":"string"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the issue (Non-IaC projects only)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"isMaliciousPackage":{"description":"Whether the issue is intentional, indicating a malicious package","type":"boolean"},"language":{"description":"The language of the issue (Non-IaC 
projects only)","type":"string"},"nearestFixedInVersion":{"description":"Nearest version which includes a fix for the issue. This is populated for container projects only. (Non-IaC projects only)","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability database, before policies are applied","type":"string"},"patches":{"description":"A list of patches available for the given issue (Non-IaC projects only)","items":{},"type":"array"},"path":{"description":"Path to the resource property violating the policy within the scanned project. (IaC projects only)","type":"string"},"publicationTime":{"description":"The date that the vulnerability was first published by Snyk (Non-IaC projects only)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue (Non-IaC projects only)","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The ranges that are vulnerable to the issue. 
May be an array or a string.","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"violatedPolicyPublicId":{"description":"The ID of the violated policy in the issue (IaC projects only)","type":"string"}},"required":["id","title","severity","originalSeverity","url","exploitMaturity","path","violatedPolicyPublicId"],"type":"object"},"issueType":{"description":"type of the issue ('vuln', 'license' or 'configuration')","type":"string"},"links":{"description":"Onward links from this record (Non-IaC projects only)","properties":{"paths":{"description":"The URL for the dependency paths that introduce this issue","type":"string"}},"type":"object"},"pkgName":{"description":"The package name (Non-IaC projects only)","type":"string"},"pkgVersions":{"description":"List of affected package versions (Non-IaC projects only)","items":{"type":"string"},"type":"array"},"priority":{"description":"Information about the priority of the issue (Non-IaC projects only)","properties":{"factors":{"description":"The list of factors that contributed to the priority of the issue","items":{},"type":"array"},"score":{"description":"The priority score of the issue","type":"number"}},"type":"object"}},"required":["id","issueType","pkgName","pkgVersions","issueData","isPatched","isIgnored"],"type":"object"},"type":"array"}},"type":"object"},"Aggregated_project_issues_filters":{"properties":{"filters":{"properties":{"exploitMaturity":{"description":"The exploit maturity levels of issues to filter the results by (Non-IaC projects only)","items":{},"type":"array"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"patched":{"description":"If set 
to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched (Non-IaC projects only)","type":"boolean"},"priority":{"description":"The priority to filter the issues by (Non-IaC projects only)","properties":{"score":{"description":"Include issues where the priority score is between min and max","properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"}},"type":"object"},"severities":{"description":"The severity levels of issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by (Non-IaC projects only)","items":{},"type":"array"}},"type":"object"},"includeDescription":{"description":"If set to `true`, include the issue's description; if set to `false` (the default), omit it (Non-IaC projects only)","type":"boolean"},"includeIntroducedThrough":{"description":"If set to `true`, include the issue's introducedThrough; if set to `false` (the default), omit it. Applies to container projects only (Non-IaC projects only)","type":"boolean"}},"type":"object"},"All_ignores":{"properties":{"issueId":{"description":"The issue ID that should be ignored.","items":{},"type":"array"}},"required":["issueId"],"type":"object"},"All_jira_issues":{"properties":{"issueId":{"description":"The issue ID and related Jira issue.","items":{},"type":"array"}},"required":["issueId"],"type":"object"},"All_projects":{},"AssignmentType":{"enum":["auto","manual"],"type":"string"},"AutoRemediationPrs":{"properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched 
remediation","type":"boolean"}},"type":"object"},"BrokerSettings":{"properties":{"enabled":{"type":"boolean"}},"type":"object"},"ComposerLock":{"properties":{"contents":{"type":"string"}},"type":"object"},"Create_organization":{},"Create_organizations_body":{"properties":{"groupId":{"description":"The group ID. The `API_KEY` must have access to this group.","type":"string"},"name":{"description":"The name of the new organization","type":"string"},"sourceOrgId":{"description":"The id of an organization to copy settings from.\n\nIf provided, this organization must be associated with the same group.\n\nThe items that will be copied are: \nSource control integrations (GitHub, GitLab, BitBucket)\n\\+ Container registries integrations (ACR, Docker Hub, ECR, GCR)\n\\+ Container orchestrators integrations (Kubernetes)\n\\+ PaaS and Serverless Integrations (Heroku, AWS Lambda)\n\\+ Notification integrations (Slack, Jira)\n\\+ Policies\n\\+ Ignore settings\n\\+ Language settings\n\\+ Infrastructure as Code settings\n\\+ Snyk Code settings\n\nThe following will not be copied across:\nService accounts\n\\+ Members\n\\+ Projects\n\\+ Notification preferences","type":"string"}},"required":["name"],"type":"object"},"Deactivate_an_individual_project":{},"Delete_Tag_From_Group":{},"Delete_tag_body":{"properties":{"force":{"description":"force delete tag that has entities (default is `false`).","type":"boolean"},"key":{"description":"Valid tag key.","type":"string"},"value":{"description":"Valid tag value.","type":"string"}},"type":"object"},"DepGraph":{},"DepGraphData":{"properties":{"graph":{"$ref":"#/components/schemas/Graph"},"pkgManager":{"$ref":"#/components/schemas/PkgManager"},"pkgs":{"description":"Array of package dependencies.","items":{},"type":"array"},"schemaVersion":{"description":"Snyk DepGraph library schema 
version.","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"},"Dep_Graph":{},"Dependencies":{"properties":{"results":{"description":"A list of issues","items":{"properties":{"copyright":{"description":"The copyright notices for the package","items":{},"type":"array"},"dependenciesWithIssues":{"description":"The identifiers of dependencies with issues that are depended upon as a result of this dependency","items":{},"type":"array"},"deprecatedVersions":{"description":"The numbers for those versions that are marked as deprecated","items":{},"type":"array"},"firstPublishedDate":{"description":"The timestamp for when the specified package was first published.","type":"string"},"id":{"description":"The identifier of the package","type":"string"},"isDeprecated":{"description":"True if the latest version of the package is marked as deprecated; False otherwise.","type":"boolean"},"issuesCritical":{"description":"The number of critical severity issues in this dependency","type":"number"},"issuesHigh":{"description":"The number of high severity issues in this dependency","type":"number"},"issuesLow":{"description":"The number of low severity issues in this dependency","type":"number"},"issuesMedium":{"description":"The number of medium severity issues in this dependency","type":"number"},"latestVersion":{"description":"The latest version available for the specified package","type":"string"},"latestVersionPublishedDate":{"description":"The timestamp for when the latest version of the specified package was published.","type":"string"},"licenses":{"description":"The licenses of the dependency","items":{"properties":{"id":{"description":"The identifier of the license","type":"string"},"license":{"description":"The type of the license","type":"string"},"title":{"description":"The title of the license","type":"string"}},"required":["id","title","license"],"type":"object"},"type":"array"},"name":{"description":"The name of the 
package","type":"string"},"projects":{"description":"The projects which depend on the dependency","items":{"properties":{"id":{"description":"The identifier of the project","type":"string"},"name":{"description":"The name of the project","type":"string"}},"required":["id","name"],"type":"object"},"type":"array"},"type":{"description":"The package type of the dependency","type":"string"},"version":{"description":"The version of the package","type":"string"}},"required":["id","name","version","type","licenses","projects"],"type":"object"},"type":"array"},"total":{"description":"The number of results returned","type":"number"}},"required":["results"],"type":"object"},"Dependencies_by_organization":{},"Dependencies_filters":{"properties":{"filters":{"properties":{"depStatus":{"description":"Status of the dependency. Requires reporting entitlement. Options: `deprecated` - Include only deprecated packages; `notDeprecated` - Include all packages that are not marked as deprecated; `any` - Include all packages (default)","type":"string"},"dependencies":{"description":"The list of dependency IDs to filter the results by (i.e amdefine@1.0.1 or org.javassist:javassist@3.18.1-GA)","items":{},"type":"array"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"licenses":{"description":"The list of license IDs to filter the results by","items":{},"type":"array"},"projects":{"description":"The list of project IDs to filter the results by","items":{},"type":"array"},"severity":{"description":"The severities to filter the results by","items":{},"type":"array"}},"type":"object"}},"type":"object"},"Entitlements_by_organization":{},"Error_Response":{"properties":{"code":{"description":"The error response code","type":"number"},"error":{"properties":{"innerErrors":{"description":"A list of additional reasons why the error occurred","items":{},"type":"array"},"name":{"description":"A descriptive message of the 
error","type":"string"}},"required":["name"],"type":"object"},"ok":{"type":"boolean"}},"required":["code","ok","error"],"type":"object"},"Function":{"properties":{"functionId":{"$ref":"#/components/schemas/FunctionId"},"version":{"description":"Versions this function relates to.","items":{},"type":"array"}},"type":"object"},"FunctionId":{"properties":{"className?":{"description":"Class name (Java only).","type":"string"},"filePath?":{"description":"Path to file (Javascript only).","type":"string"},"functionName":{"description":"Function name.","type":"string"}},"type":"object"},"GoPkgLock":{"properties":{"contents":{"type":"string"}},"type":"object"},"Gradle":{},"GradleFile":{"properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` field.","type":"string"}},"required":["contents"],"type":"object"},"Gradle_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"$ref":"#/components/schemas/GradleFile"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"Graph":{"properties":{"nodes":{"description":"Array of node objects.","items":{},"type":"array"},"rootNodeId":{"description":"Root node id.","type":"string"}},"required":["rootNodeId","nodes"],"type":"object"},"GraphDependency":{"properties":{"nodeId":{"description":"Node id unique across the graph.","type":"string"}},"required":["nodeId"],"type":"object"},"Group_level_audit_logs":{},"Group_settings":{"properties":{"requestAccess":{"description":"Can only be updated if `API_KEY` has edit access to request access settings.","properties":{"enabled":{"description":"Choose whether a user may request access to Snyk orgs in this group that they are not a member of.","type":"boolean"}},"required":["enabled"],"type":"object"},"sessionLength":{"description":"The new session length for the group in 
minutes. This must be an integer between 1 and 43200 (30 days). Setting this value to null will result in this group inheriting from the global default of 30 days.","type":"number"}},"type":"object"},"Groups_Audit_logs_filters":{"properties":{"filters":{"properties":{"email":{"description":"User email address. Will fetch only audit logs originated from this user's actions. Ignored if the userId filter is set.","type":"string"},"event":{"description":"Will return only logs for this specific event. Only one of event and excludeEvent may be specified in a request.","enum":["api.access","group.cloud_config.settings.edit","group.create","group.delete","group.edit","group.feature_flags.edit","group.notification_settings.edit","group.org.add","group.org.remove","group.policy.create","group.policy.delete","group.policy.edit","group.request_access_settings.edit","group.role.create","group.role.edit","group.service_account.create","group.service_account.delete","group.service_account.edit","group.settings.edit","group.settings.feature_flag.edit","group.sso.auth0_connection.create","group.sso.auth0_connection.edit","group.sso.add","group.sso.create","group.sso.delete","group.sso.edit","group.sso.membership.sync","group.sso.remove","group.tag.create","group.tag.delete","group.user.add","group.user.provision.accept","group.user.provision.create","group.user.provision.delete","group.user.remove","group.user.role.edit"],"type":"string"},"excludeEvent":{"description":"Will return logs except logs for this event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","group.cloud_config.settings.edit","group.create","group.delete","group.edit","group.feature_flags.edit","group.notification_settings.edit","group.org.add","group.org.remove","group.policy.create","group.policy.delete","group.policy.edit","group.request_access_settings.edit","group.role.create","group.role.edit","group.service_account.create","group.service_account.delete","group.service_account.edit","group.settings.edit","group.settings.feature_flag.edit","group.sso.auth0_connection.create","group.sso.auth0_connection.edit","group.sso.add","group.sso.create","group.sso.delete","group.sso.edit","group.sso.membership.sync","group.sso.remove","group.tag.create","group.tag.delete","group.user.add","group.user.provision.accept","group.user.provision.create","group.user.provision.delete","group.user.remove","group.user.role.edit"],"type":"string"},"projectId":{"description":"Will return only logs for this specific project.","type":"string"},"userId":{"description":"User public ID. Will fetch only audit logs originated from this user's actions.","type":"string"}},"type":"object"}},"type":"object"},"Ignore":{"properties":{"ignorePath":{"description":"The path that should be ignored. 
Wildcards can be specified with a `*`.","properties":{"created":{"description":"The timestamp that the issue was ignored.","type":"string"},"disregardIfFixable":{"description":"Only ignore the issue if no upgrade or patch is available.","type":"boolean"},"expires":{"description":"The timestamp that the issue will no longer be ignored.","type":"string"},"ignoredBy":{"description":"The person who ignored the issue.","properties":{"email":{"description":"The email of the person who ignored the issue.","type":"string"},"id":{"description":"The user ID of the person who ignored the issue.","type":"string"},"name":{"description":"The name of the person who ignored the issue.","type":"string"}},"required":["name","email"],"type":"object"},"reason":{"description":"The reason that the issue was ignored.","type":"string"},"reasonType":{"description":"The classification of the ignore.","enum":["not-vulnerable","wont-fix","temporary-ignore"],"type":"string"}},"type":"object"}},"required":["ignorePath"],"type":"object"},"Ignore_rule":{"properties":{"disregardIfFixable":{"description":"Only ignore the issue if no upgrade or patch is available.","type":"boolean"},"expires":{"description":"The timestamp that the issue will no longer be ignored.","type":"string"},"ignorePath":{"description":"The path to ignore (default is `*` which represents all paths).","type":"string"},"reason":{"description":"The reason that the issue was ignored.","type":"string"},"reasonType":{"description":"The classification of the 
ignore.","enum":["not-vulnerable","wont-fix","temporary-ignore"],"type":"string"}},"required":["reasonType","disregardIfFixable"],"type":"object"},"Ignore_rules":{"items":{},"type":"array"},"Ignored_issues":{},"Ignores":{"items":{},"type":"array"},"Import":{},"Import_job":{},"Individual_project":{},"Integration":{},"IntegrationCredentials":{"properties":{},"type":"object"},"IntegrationType":{"enum":["acr","artifactory-cr","azure-repos","bitbucket-cloud","bitbucket-server","digitalocean-cr","docker-hub","ecr","gcr","github","github-cr","github-enterprise","gitlab","gitlab-cr","google-artifact-cr","harbor-cr","nexus-cr","quay-cr"],"type":"string"},"Integration_authentication":{},"Integration_broker_token_provisioning":{},"Integration_broker_token_switching":{},"Integration_by_type":{},"Integration_cloning":{},"Integration_settings":{"properties":{"autoDepUpgradeEnabled":{"description":"Defines if the functionality is enabled","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"A list of strings defining what dependencies should be ignored","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"A limit on how many automatic dependency upgrade PRs can be opened simultaneously","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"description":"Defines automatic remediation policies","properties":{"backlogPrsEnabled":{"description":"If true, allows automatic remediation of prioritized backlog issues","type":"boolean"},"freshPrsEnabled":{"description":"If true, allows automatic remediation of newly identified issues, or older issues where a fix has been identified","type":"boolean"},"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"dockerfileSCMEnabled":{"description":"If true, will automatically detect and scan Dockerfiles in your Git repositories, surface base image 
vulnerabilities and recommend possible fixes","type":"boolean"},"manualRemediationPrs":{"description":"Defines manual remediation policies","properties":{"usePatchRemediation":{"description":"If true, allows using patched remediation","type":"boolean"}},"type":"object"},"pullRequestAssignment":{"$ref":"#/components/schemas/PullRequestAssignment"},"pullRequestFailOnAnyVulns":{"description":"If an opened PR should fail to be validated if any vulnerable dependencies have been detected","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If an opened PR only should fail its validation if any dependencies are marked as being of high severity","type":"boolean"},"pullRequestTestEnabled":{"description":"If opened PRs should be tested","type":"boolean"}},"type":"object"},"Integrations":{"properties":{"key":{"description":"The name of an integration","type":"string"},"value":{"description":"Alphanumeric UUID including - with a limit of 36 characters","type":"string"}},"type":"object"},"Integrations_body":{"properties":{},"type":"object"},"Issue_Counts":{"properties":{"results":{"description":"A list of issue counts by day","items":{"properties":{"count":{"description":"The number of issues","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"},"fixable":{"properties":{"false":{"description":"The number of non-fixable issues","type":"number"},"true":{"description":"The number of fixable issues","type":"number"}},"type":"object"},"severity":{"properties":{"critical":{"description":"The number of critical severity issues","type":"number"},"high":{"description":"The number of high severity issues","type":"number"},"low":{"description":"The number of low severity issues","type":"number"},"medium":{"description":"The number of medium severity 
issues","type":"number"}},"type":"object"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"},"Issue_Counts_Filters":{"properties":{"filters":{"properties":{"fixable":{"description":"If set to `true`, only include issues which are fixable, if set to `false`, only include issues which are not fixable. An issue is fixable if it is either upgradable, patchable or pinnable. Also see isUpgradable, isPatchable and isPinnable filters.","type":"boolean"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"isPatchable":{"description":"If set to `true`, only include issues which are patchable, if set to `false`, only include issues which are not patchable","type":"boolean"},"isPinnable":{"description":"If set to `true`, only include issues which are pinnable, if set to `false`, only include issues which are not pinnable","type":"boolean"},"isUpgradable":{"description":"If set to `true`, only include issues which are upgradable, if set to `false`, only include issues which are not upgradable","type":"boolean"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by","items":{},"type":"array"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched","type":"boolean"},"priorityScore":{"$ref":"#/components/schemas/PriorityScore"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000","items":{},"type":"array"},"severity":{"description":"The severity levels of issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results 
by","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"},"Issue_counts_over_time":{},"Issue_paths":{"properties":{"links":{"description":"Onward links from this record","properties":{"last":{"description":"The URL of the last page of paths for the issue","type":"string"},"next":{"description":"The URL of the next page of paths for the issue, if not on the last page","type":"string"},"prev":{"description":"The URL of the previous page of paths for the issue, if not on the first page","type":"string"}},"type":"object"},"paths":{"description":"A list of the dependency paths that introduce the issue","items":{"items":{"properties":{"fixVersion":{"description":"The version to upgrade the package to in order to resolve the issue. This will only appear on the first element of the path, and only if the issue can be fixed by upgrading packages. Note that if the fix requires upgrading transitive dependencies, `fixVersion` will be the same as `version`.","type":"string"},"name":{"description":"The package name","type":"string"},"version":{"description":"The package version","type":"string"}},"type":"object"},"type":"array"},"type":"array"},"snapshotId":{"description":"The identifier of the snapshot for which the paths have been found","type":"string"},"total":{"description":"The total number of results","type":"number"}},"type":"object"},"Issues":{"properties":{"results":{"description":"A list of issues","items":{"properties":{"fixedDate":{"description":"The date that the issue was fixed","type":"string"},"introducedDate":{"description":"The date that the issue was introduced into the project","type":"string"},"isFixed":{"description":"Whether the issue has been fixed","type":"boolean"},"issue":{"properties":{"CVSSv3":{"description":"The CVSS v3 string that signifies how the CVSS score was calculated (not applicable to licenses)","type":"string"},"credit":{"description":"The list of people responsible for first uncovering or reporting the issue 
(not applicable to licenses)","items":{},"type":"array"},"cvssScore":{"description":"The CVSS score that results from running the CVSSv3 string (not applicable to licenses)","type":"number"},"disclosureTime":{"description":"The date that the vulnerability was first disclosed (not applicable to licenses)","type":"string"},"exploitMaturity":{"description":"The exploit maturity of the issue","type":"string"},"id":{"description":"The identifier of the issue","type":"string"},"identifiers":{"description":"External identifiers assigned to the issue (not applicable to licenses)","properties":{"CVE":{"description":"Common Vulnerability Enumeration identifiers","items":{},"type":"array"},"CWE":{"description":"Common Weakness Enumeration identifiers","items":{},"type":"array"},"OSVDB":{"description":"Identifiers assigned by the Open Source Vulnerability Database (OSVDB)","items":{},"type":"array"}},"type":"object"},"ignored":{"description":"The list of ignore rules that were applied to the issue (only present if issue was ignored and no `groupBy` in the API request)","items":{},"type":"array"},"isIgnored":{"description":"Whether the issue has been ignored (only present if there is no `groupBy` in the API request)","type":"boolean"},"isPatchable":{"description":"Whether the issue can be patched","type":"boolean"},"isPatched":{"description":"Whether the issue has been patched (not applicable to licenses and only present if there is no `groupBy` in the API request)","type":"boolean"},"isPinnable":{"description":"Whether the issue can be pinned","type":"boolean"},"isUpgradable":{"description":"Whether the issue can be fixed by upgrading to a later version of the dependency","type":"boolean"},"jiraIssueUrl":{"description":"The link to the Jira issue attached to the vulnerability","type":"string"},"language":{"description":"The language of the issue","type":"string"},"originalSeverity":{"description":"The original severity status of the issue, as retrieved from Snyk Vulnerability 
database, before policies are applied","type":"string"},"package":{"description":"The name of the package that the issue relates to","type":"string"},"packageManager":{"description":"The package manager of the issue","type":"string"},"patches":{"description":"A list of patches available for the given issue (not applicable to licenses)","items":{},"type":"array"},"priorityScore":{"description":"The priority score ranging between 0-1000","type":"number"},"publicationTime":{"description":"The date that the vulnerability was first published by Snyk (not applicable to licenses)","type":"string"},"semver":{"description":"The ranges that are vulnerable and unaffected by the issue","properties":{"unaffected":{"description":"The ranges that are unaffected by the issue","type":"string"},"vulnerable":{"description":"The ranges that are vulnerable to the issue","items":{},"type":"array"}},"type":"object"},"severity":{"description":"The severity status of the issue, after policies are applied","type":"string"},"title":{"description":"The issue title","type":"string"},"type":{"description":"The issue type, can be \"vuln\", \"license\"","type":"string"},"uniqueSeveritiesList":{"description":"A list of all severities in issue per projects","items":{},"type":"array"},"url":{"description":"URL to a page containing information about the issue","type":"string"},"version":{"description":"The version of the package that the issue relates to","type":"string"}},"required":["url","id","title","type","package","version","severity","originalSeverity","exploitMaturity"],"type":"object"},"patchedDate":{"description":"The date that the issue was patched","type":"string"}},"required":["issue","isFixed","introducedDate"],"type":"object"},"type":"array"},"total":{"description":"The total number of results found","type":"number"}},"required":["results","total"],"type":"object"},"Issues_Filters":{"properties":{"filters":{"properties":{"exploitMaturity":{"description":"The exploit maturity levels of 
issues to filter the results by","items":{},"type":"array"},"fixable":{"description":"If set to `true`, only include issues which are fixable, if set to `false`, only include issues which are not fixable. An issue is fixable if it is either upgradable, patchable or pinnable. Also see isUpgradable, isPatchable and isPinnable filters.","type":"boolean"},"identifier":{"description":"Search term to filter issue name by, or an exact CVE or CWE","type":"string"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which are not ignored","type":"boolean"},"isFixed":{"description":"If set to `true`, only include issues which are fixed, if set to `false`, only include issues which are not fixed","type":"boolean"},"isPatchable":{"description":"If set to `true`, only include issues which are patchable, if set to `false`, only include issues which are not patchable","type":"boolean"},"isPinnable":{"description":"If set to `true`, only include issues which are pinnable, if set to `false`, only include issues which are not pinnable","type":"boolean"},"isUpgradable":{"description":"If set to `true`, only include issues which are upgradable, if set to `false`, only include issues which are not upgradable","type":"boolean"},"issues":{"description":"The list of issue IDs to filter issues by","items":{},"type":"array"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by","items":{},"type":"array"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched","type":"boolean"},"priorityScore":{"$ref":"#/components/schemas/PriorityScore"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000","items":{},"type":"array"},"severity":{"description":"The severity levels of 
issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"},"Jira_issue":{"properties":{"jiraIssue":{"description":"The details about the jira issue.","properties":{"id":{"description":"The id of the issue in Jira.","type":"string"},"key":{"description":"The key of the issue in Jira.","type":"string"}},"type":"object"}},"type":"object"},"Jira_issue_request":{"properties":{"fields":{"properties":{"issuetype":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","properties":{},"type":"object"},"project":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","properties":{},"type":"object"},"summary":{"description":"See https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-post for details of what to send as fields.","type":"string"}},"type":"object"}},"type":"object"},"Latest_Issues":{},"Latest_issue_counts":{},"Latest_project_counts":{},"Licenses":{"properties":{"results":{"description":"A list of licenses","items":{"properties":{"dependencies":{"description":"The dependencies of projects in the organization which have the license","items":{"properties":{"id":{"description":"The identifier of the package","type":"string"},"name":{"description":"The name of the package","type":"string"},"packageManager":{"description":"The package manager of the dependency","type":"string"},"version":{"description":"The version of the package","type":"string"}},"required":["id","name","version","packageManager"],"type":"object"},"type":"array"},"id":{"description":"The identifier of the license","type":"string"},"instructions":{"description":"Custom instructions assigned to 
this license","type":"string"},"projects":{"description":"The projects which contain the license","items":{"properties":{"id":{"description":"The identifier of the project","type":"string"},"name":{"description":"The name of the project","type":"string"}},"required":["id","name"],"type":"object"},"type":"array"},"severity":{"description":"The severity assigned to this license","enum":["none","high","medium","low"],"type":"string"}},"required":["id","dependencies","projects"],"type":"object"},"type":"array"},"total":{"description":"The number of results returned","type":"number"}},"required":["results"],"type":"object"},"Licenses_by_organization":{},"Licenses_filters":{"properties":{"filters":{"properties":{"dependencies":{"description":"The list of dependency IDs to filter the results by","items":{},"type":"array"},"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"licenses":{"description":"The list of license IDs to filter the results by","items":{},"type":"array"},"projects":{"description":"The list of project IDs to filter the results by","items":{},"type":"array"},"severity":{"description":"The severities to filter the results by","items":{},"type":"array"}},"type":"object"}},"type":"object"},"List_all_organizations_in_a_group":{},"List_all_projects":{"properties":{"org":{"properties":{"id":{"description":"The identifier of the org","type":"string"},"name":{"type":"string"}},"type":"object"},"projects":{"description":"A list of org's projects","items":{"$ref":"#/components/schemas/Project_without_remediation"},"type":"array"}},"type":"object"},"List_all_roles_in_a_group":{},"List_all_tags_in_a_group":{},"List_members_in_a_group":{},"Manage_organization":{},"Manage_roles_in_organization":{},"Maven":{},"MavenAdditionalFile":{"properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` 
field.","type":"string"}},"required":["contents"],"type":"object"},"MavenFile":{"properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` field.","type":"string"}},"required":["contents"],"type":"object"},"Maven_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"additional manifest files (if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"$ref":"#/components/schemas/MavenFile"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"Members_in_an_organization_of_a_group":{},"Members_in_organization":{},"MonitorDepGraphData":{"properties":{"graph":{"$ref":"#/components/schemas/MonitorGraph"},"pkgManager":{"$ref":"#/components/schemas/MonitorPkgManager"},"pkgs":{"description":"Array of package dependencies.","items":{},"type":"array"},"schemaVersion":{"description":"Snyk DepGraph library schema version.","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"},"MonitorGraph":{"properties":{"nodes":{"description":"Array of node objects.","items":{},"type":"array"},"rootNodeId":{"description":"Root node id. Note the root node name is used as your project name.","type":"string"}},"required":["rootNodeId","nodes"],"type":"object"},"MonitorGraphDependency":{"properties":{"nodeId":{"description":"Node id unique across the graph.","type":"string"}},"required":["nodeId"],"type":"object"},"MonitorMetaData":{"properties":{"targetFramework":{"description":"Required for a NuGet or Paket DepGraph only. Specify the target framework in your project file using Target Framework Monikers (TFMs). For example, netstandard1.0, netcoreapp1.0 or net452. 
Test each framework separately if you have multiple defined.","type":"string"}},"type":"object"},"MonitorNode":{"properties":{"deps":{"description":"An array of package ids this package depends on.","items":{},"type":"array"},"nodeId":{"description":"Node id unique across the graph.","type":"string"},"pkgId":{"description":"Package id reference should match id in pkg array and take the format name@version.","type":"string"}},"required":["nodeId","pkgId"],"type":"object"},"MonitorPackage":{"properties":{"id":{"description":"Unique package identifier, should take the format name@version.","type":"string"},"info":{"$ref":"#/components/schemas/MonitorPackageInfo"}},"required":["id","info"],"type":"object"},"MonitorPackageInfo":{"properties":{"name":{"description":"Package name.","type":"string"},"version":{"description":"Package version.","type":"string"}},"required":["name","version"],"type":"object"},"MonitorPkgManager":{"properties":{"name":{"description":"Package manager name.","type":"string"},"repositories":{"description":"A list of package repositories (i.e. 
maven-central, or npm) that defaults to the canonical package registry for the given package manager.","items":{},"type":"array"}},"required":["name"],"type":"object"},"MonitorRepository":{"properties":{"alias":{"description":"deb, apk and rpm package managers should use an alias to indicate the target Operating System, for example 'debian:10'.","type":"string"}},"type":"object"},"Move_project":{},"My_User_Details":{},"New_issues_notification_setting_request":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"},"issueSeverity":{"description":"The severity levels of issues to send notifications for (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","high"],"type":"string"},"issueType":{"description":"Filter the types of issue to include in notifications (only applicable for `new-remediations-vulnerabilities` notificationType)","enum":["all","vuln","license","none"],"type":"string"}},"required":["enabled","issueSeverity","issueType"],"type":"object"},"Node":{"properties":{"deps":{"description":"An array of package ids this package depends on.","items":{},"type":"array"},"nodeId":{"description":"Node id unique across the graph.","type":"string"},"pkgId":{"description":"Package id reference should match id in pkg array and take the format name@version.","type":"string"}},"required":["nodeId","pkgId"],"type":"object"},"Notification_setting_response":{"allOf":[{"$ref":"#/components/schemas/New_issues_notification_setting_request"},{"properties":{"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a 
parent","type":"boolean"}},"type":"object"}]},"Notification_settings":{},"Notification_settings_request":{"properties":{"new-issues-remediations":{"$ref":"#/components/schemas/New_issues_notification_setting_request"},"project-imported":{"$ref":"#/components/schemas/Simple_notification_setting_request"},"test-limit":{"$ref":"#/components/schemas/Simple_notification_setting_request"},"weekly-report":{"$ref":"#/components/schemas/Simple_notification_setting_request"}},"type":"object"},"Notification_settings_response":{"properties":{"new-issues-remediations":{"$ref":"#/components/schemas/Notification_setting_response"},"project-imported":{"$ref":"#/components/schemas/Simple_notification_setting_response"},"test-limit":{"$ref":"#/components/schemas/Simple_notification_setting_response"},"weekly-report":{"$ref":"#/components/schemas/Simple_notification_setting_response"}},"type":"object"},"Org_Audit_logs_filters":{"properties":{"filters":{"properties":{"email":{"description":"User email address. Will fetch only audit logs originated from this user's actions. Ignored if the userId filter is set.","type":"string"},"event":{"description":"Will return only logs for this specific event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","org.cloud_config.settings.edit","org.create","org.delete","org.edit","org.ignore_policy.edit","org.integration.create","org.integration.delete","org.integration.edit","org.integration.settings.edit","org.language_settings.edit","org.license_rule.create","org.license_rule.delete","org.license_rule.edit","org.notification_settings.edit","org.org_source.create","org.org_source.delete","org.org_source.edit","org.policy.edit","org.project.add","org.project.attributes.edit","org.project.delete","org.project.edit","org.project.fix_pr.auto_open","org.project.fix_pr.manual_open","org.project.ignore.create","org.project.ignore.delete","org.project.ignore.edit","org.project.monitor","org.project.pr_check.edit","org.project.remove","org.project.settings.delete","org.project.settings.edit","org.project.stop_monitor","org.project.tag.add","org.project.tag.remove","org.project.test","org.request_access_settings.edit","org.sast_settings.edit","org.service_account.create","org.service_account.delete","org.service_account.edit","org.service_account.membership.upsert","org.settings.feature_flag.edit","org.target.create","org.target.delete","org.user.add","org.user.invite","org.user.invite.accept","org.user.invite.revoke","org.user.invite_link.accept","org.user.invite_link.create","org.user.invite_link.revoke","org.user.leave","org.user.provision.accept","org.user.provision.create","org.user.provision.delete","org.user.remove","org.user.role.create","org.user.role.delete","org.user.role.details.edit","org.user.role.edit","org.user.role.permissions.edit","org.webhook.add","org.webhook.delete"],"type":"string"},"excludeEvent":{"description":"Will return logs except logs for this event. 
Only one of event and excludeEvent may be specified in a request.","enum":["api.access","org.cloud_config.settings.edit","org.create","org.delete","org.edit","org.ignore_policy.edit","org.integration.create","org.integration.delete","org.integration.edit","org.integration.settings.edit","org.language_settings.edit","org.license_rule.create","org.license_rule.delete","org.license_rule.edit","org.notification_settings.edit","org.org_source.create","org.org_source.delete","org.org_source.edit","org.policy.edit","org.project.add","org.project.attributes.edit","org.project.delete","org.project.edit","org.project.fix_pr.auto_open","org.project.fix_pr.manual_open","org.project.ignore.create","org.project.ignore.delete","org.project.ignore.edit","org.project.monitor","org.project.pr_check.edit","org.project.remove","org.project.settings.delete","org.project.settings.edit","org.project.stop_monitor","org.project.tag.add","org.project.tag.remove","org.project.test","org.request_access_settings.edit","org.sast_settings.edit","org.service_account.create","org.service_account.delete","org.service_account.edit","org.service_account.membership.upsert","org.settings.feature_flag.edit","org.target.create","org.target.delete","org.user.add","org.user.invite","org.user.invite.accept","org.user.invite.revoke","org.user.invite_link.accept","org.user.invite_link.create","org.user.invite_link.revoke","org.user.leave","org.user.provision.accept","org.user.provision.create","org.user.provision.delete","org.user.remove","org.user.role.create","org.user.role.delete","org.user.role.details.edit","org.user.role.edit","org.user.role.permissions.edit","org.webhook.add","org.webhook.delete"],"type":"string"},"projectId":{"description":"Will return only logs for this specific project.","type":"string"},"userId":{"description":"User public ID. 
Will fetch only audit logs originated from this user's actions.","type":"string"}},"type":"object"}},"type":"object"},"Org_settings_request":{"properties":{"requestAccess":{"description":"Can only be updated if `API_KEY` has edit access to request access settings.","properties":{"enabled":{"description":"Whether requesting access to the organization is enabled.","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"},"Org_settings_response":{"properties":{"requestAccess":{"description":"Will only be returned if `API_KEY` has read access to request access settings.","properties":{"enabled":{"description":"Whether requesting access to the organization is enabled.","type":"boolean"}},"required":["enabled"],"type":"object"}},"type":"object"},"Organization_level_audit_logs":{},"Organization_settings":{},"Organizations_in_a_group":{},"Package":{"properties":{"id":{"description":"Unique package identifier, should take the format name@version.","type":"string"},"info":{"$ref":"#/components/schemas/PackageInfo"}},"required":["id","info"],"type":"object"},"PackageInfo":{"properties":{"name":{"description":"Package name.","type":"string"},"version":{"description":"Package version.","type":"string"}},"required":["name","version"],"type":"object"},"PackageLockJsonFile":{"properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` field.","type":"string"}},"type":"object"},"Patch":{"properties":{"comments":{"items":{},"type":"array"},"id":{"type":"string"},"modificationTime":{"type":"string"},"urls":{"description":"Links to patch files to fix an issue.","items":{},"type":"array"},"version":{"description":"Versions this patch is applicable to, in semver format.","type":"string"}},"type":"object"},"Ping":{},"PkgManager":{"properties":{"name":{"description":"Package manager name.","type":"string"},"repositories":{"description":"A list of package repositories (i.e. 
maven-central, or npm) that defaults to the canonical package registry for the given package manager.","items":{},"type":"array"}},"required":["name"],"type":"object"},"PriorityScore":{"properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"},"Project":{"properties":{"attributes":{"$ref":"#/components/schemas/Project_attributes"},"branch":{"description":"The monitored branch (if available)","nullable":true,"type":"string"},"browseUrl":{"description":"URL with project overview","type":"string"},"created":{"description":"The date that the project was created on","type":"string"},"hostname":{"description":"The hostname for a CLI project, null if not set","nullable":true,"type":"string"},"id":{"description":"The project identifier","type":"string"},"imageBaseImage":{"description":"For docker projects shows the base image","type":"string"},"imageCluster":{"description":"For Kubernetes projects shows the origin cluster name","type":"string"},"imageId":{"description":"For docker projects shows the ID of the image","type":"string"},"imagePlatform":{"description":"For docker projects shows the platform of the image","type":"string"},"imageTag":{"description":"For docker projects shows the tag of the image","type":"string"},"importingUser":{"description":"The user who imported the project","properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The ID of the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"},"isMonitored":{"description":"Describes if a project is currently monitored or it is de-activated","type":"boolean"},"issueCountsBySeverity":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity 
vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"type":"object"},"lastTestedDate":{"description":"The date on which the most recent test was conducted for this project","type":"string"},"name":{"type":"string"},"origin":{"description":"The origin the project was added from","type":"string"},"owner":{"description":"The user who owns the project, null if not set\n\n{\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": \"example-user@snyk.io\"\n}","nullable":true,"properties":{},"type":"object"},"readOnly":{"description":"Whether the project is read-only","type":"boolean"},"remediation":{"description":"Remediation data (if available)","properties":{"patch":{"description":"Recommended patches to apply to the project\n\n(object)\n   paths (array) - List of paths to the vulnerable dependency that can be patched","properties":{},"type":"object"},"pin":{"description":"Recommended pins to apply to the project (Python only)\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade\n    + isTransitive (boolean) - Describes if the dependency to be pinned is a transitive dependency","properties":{},"type":"object"},"upgrade":{"description":"Recommended upgrades to apply to the project\n\n(object)\n    + upgradeTo (string, required) - `package@version` to upgrade to\n    + upgrades (array[string], required) -  List of `package@version` that will be upgraded as part of this upgrade\n    + vulns (array[string], required) - List of vulnerability ids that will be fixed as part of this upgrade","properties":{},"type":"object"}},"type":"object"},"remoteRepoUrl":{"description":"The project remote repository url. 
Only set for projects imported via the Snyk CLI tool.","type":"string"},"tags":{"description":"List of applied tags","items":{},"type":"array"},"targetReference":{"description":"The identifier for which revision of the resource is scanned by Snyk. For example, this may be a branch for an SCM project, or a tag for a container image","nullable":true,"type":"string"},"testFrequency":{"description":"The frequency of automated Snyk re-test. Can be 'daily', 'weekly' or 'never'","type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"},"type":{"description":"The package manager of the project","type":"string"}},"type":"object"},"Project_Attributes":{},"Project_Counts":{"properties":{"results":{"description":"A list of project counts by day","items":{"properties":{"count":{"description":"The number of projects","type":"number"},"day":{"description":"The date in the format `YYYY-MM-DD`","type":"string"}},"required":["day","count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"},"Project_Counts_Filters":{"properties":{"filters":{"properties":{"languages":{"description":"The type of languages to filter the results by","items":{},"type":"array"},"orgs":{"description":"The list of org IDs to filter the results by","items":{},"type":"array"},"projects":{"description":"The list of project IDs to filter the results by, max projects allowed is 1000","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"},"Project_History":{},"Project_Issue_Paths":{},"Project_Snapshot_Issue_Paths":{},"Project_attributes":{"properties":{"criticality":{"items":{},"type":"array"},"environment":{"items":{},"type":"array"},"lifecycle":{"items":{},"type":"array"}},"type":"object"},"Project_counts_over_time":{},"Project_dependency_graph":{"properties":{"depGraph":{"description":"The dependency-graph object","properties":{"graph":{"description":"A directional graph of the packages in the 
project","properties":{"nodes":{"description":"A list of the first-level packages","items":{"properties":{"deps":{"description":"A list of the direct dependencies of the package","items":{"properties":{"nodeId":{"description":"The id of the node","type":"string"}},"required":["nodeId"],"type":"object"},"type":"array"},"nodeId":{"description":"The internal id of the node","type":"string"},"pkgId":{"description":"The id of the package","type":"string"}},"required":["nodeId","pkgId","deps"],"type":"object"},"type":"array"},"rootNodeId":{"description":"The internal id of the root node","type":"string"}},"required":["rootNodeId"],"type":"object"},"pkgManager":{"description":"The package manager of the project","properties":{"name":{"description":"The name of the package manager","type":"string"},"repositories":{"items":{"properties":{"alias":{"type":"string"}},"required":["alias"],"type":"object"},"type":"array"},"version":{"description":"The version of the package manager","type":"string"}},"required":["name"],"type":"object"},"pkgs":{"description":"A list of dependencies in the project","items":{"properties":{"id":{"description":"The internal id of the package","type":"string"},"info":{"properties":{"name":{"description":"The name of the package","type":"string"},"version":{"description":"The version of the package","type":"string"}},"required":["name"],"type":"object"}},"required":["id","info"],"type":"object"},"type":"array"},"schemaVersion":{"description":"The schema version of the depGraph object","type":"string"}},"required":["schemaVersion","pkgManager","pkgs","graph"],"type":"object"}},"required":["depGraph"],"type":"object"},"Project_ignores":{},"Project_issues_filters":{"properties":{"filters":{"properties":{"exploitMaturity":{"description":"The exploit maturity levels of issues to filter the results by","items":{},"type":"array"},"ignored":{"description":"If set to `true`, only include issues which are ignored, if set to `false`, only include issues which 
are not ignored","type":"boolean"},"patched":{"description":"If set to `true`, only include issues which are patched, if set to `false`, only include issues which are not patched","type":"boolean"},"priorityScore":{"description":"Include issues that have a priority score between `min` and `max`","properties":{"max":{"type":"number"},"min":{"type":"number"}},"type":"object"},"severities":{"description":"The severity levels of issues to filter the results by","items":{},"type":"array"},"types":{"description":"The type of issues to filter the results by","items":{},"type":"array"}},"type":"object"}},"type":"object"},"Project_jira_issues":{},"Project_move":{"properties":{"targetOrgId":{"description":"The ID of the organization that the project should be moved to. The API_KEY must have group admin permissions. If the project is moved to a new group, a personal level API key is needed.","type":"string"}},"type":"object"},"Project_settings":{"properties":{"autoDepUpgradeEnabled":{"description":"If set to `true`, Snyk will raise dependency upgrade PRs automatically.","type":"boolean"},"autoDepUpgradeIgnoredDependencies":{"description":"An array of comma-separated strings with names of dependencies you wish Snyk to ignore to upgrade.","items":{},"type":"array"},"autoDepUpgradeLimit":{"description":"The limit on auto dependency upgrade PRs.","type":"number"},"autoDepUpgradeMinAge":{"description":"The age (in days) that an automatic dependency check is valid for","type":"number"},"autoRemediationPrs":{"$ref":"#/components/schemas/AutoRemediationPrs"},"pullRequestAssignment":{"$ref":"#/components/schemas/PullRequestAssignment"},"pullRequestFailOnAnyVulns":{"description":"If set to `true`, fail Snyk Test if the repo has any vulnerabilities. 
Otherwise, fail only when the PR is adding a vulnerable dependency.","type":"boolean"},"pullRequestFailOnlyForHighSeverity":{"description":"If set to `true`, fail Snyk Test only for high and critical severity vulnerabilities","type":"boolean"},"pullRequestTestEnabled":{"description":"If set to `true`, Snyk Test checks PRs for vulnerabilities.","type":"boolean"}},"type":"object"},"Project_snapshots":{"properties":{"snapshots":{"description":"A list of the project's snapshots, ordered according to date (latest first).","items":{"properties":{"created":{"description":"The date that the snapshot was taken","type":"string"},"id":{"description":"The snapshot identifier","type":"string"},"imageBaseImage":{"type":"string"},"imageId":{"type":"string"},"imagePlatform":{"type":"string"},"imageTag":{"type":"string"},"issueCounts":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"license":{"properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"},"sast":{"properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"},"vuln":{"properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity 
vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"required":["low","medium","high","critical"],"type":"object"}},"type":"object"},"method":{"description":"The method by which this snapshot was created.","enum":["api","cli","recurring","web","web-test","wizard"],"type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"}},"required":["id","created","totalDependencies","issueCounts"],"type":"object"},"type":"array"},"total":{"description":"The total number of results","type":"number"}},"type":"object"},"Project_snapshots_filters":{"properties":{"filters":{"properties":{"imageId":{"description":"For container projects, filter by the ID of the image","type":"string"}},"type":"object"}},"type":"object"},"Project_tags":{},"Project_without_remediation":{"properties":{"attributes":{"$ref":"#/components/schemas/Project_attributes"},"branch":{"description":"The monitored branch (if available)","nullable":true,"type":"string"},"browseUrl":{"description":"URL with project overview","type":"string"},"created":{"description":"The date that the project was created on","type":"string"},"id":{"description":"The project identifier","type":"string"},"imageBaseImage":{"description":"For docker projects shows the base image","type":"string"},"imageCluster":{"description":"For Kubernetes projects shows the origin cluster name","type":"string"},"imageId":{"description":"For docker projects shows the ID of the image","type":"string"},"imagePlatform":{"description":"For docker projects shows the platform of the image","type":"string"},"imageTag":{"description":"For docker projects shows the tag of the image","type":"string"},"importingUser":{"description":"The user who imported the project","properties":{"email":{"description":"The email of the user.","type":"string"},"id":{"description":"The 
ID of the user.","type":"string"},"name":{"description":"The name of the user.","type":"string"},"username":{"description":"The username of the user.","type":"string"}},"type":"object"},"isMonitored":{"description":"Describes if a project is currently monitored or it is de-activated","type":"boolean"},"issueCountsBySeverity":{"description":"Number of known vulnerabilities in the project, not including ignored issues","properties":{"critical":{"description":"Number of critical severity vulnerabilities","type":"number"},"high":{"description":"Number of high severity vulnerabilities","type":"number"},"low":{"description":"Number of low severity vulnerabilities","type":"number"},"medium":{"description":"Number of medium severity vulnerabilities","type":"number"}},"type":"object"},"lastTestedDate":{"description":"The date on which the most recent test was conducted for this project","type":"string"},"name":{"type":"string"},"origin":{"description":"The origin the project was added from","type":"string"},"owner":{"description":"The user who owns the project, null if not set\n\n{\n    \"id\": \"e713cf94-bb02-4ea0-89d9-613cce0caed2\",\n    \"name\": \"example-user@snyk.io\",\n    \"username\": \"exampleUser\",\n    \"email\": \"example-user@snyk.io\"\n}","nullable":true,"properties":{},"type":"object"},"readOnly":{"description":"Whether the project is read-only","type":"boolean"},"remoteRepoUrl":{"description":"The project remote repository url. Only set for projects imported via the Snyk CLI tool.","type":"string"},"tags":{"description":"List of applied tags","items":{},"type":"array"},"targetReference":{"description":"The identifier for which revision of the resource is scanned by Snyk. For example this may be a branch for SCM project, or a tag for a container image","nullable":true,"type":"string"},"testFrequency":{"description":"The frequency of automated Snyk re-test. 
Can be 'daily', 'weekly' or 'never'","type":"string"},"totalDependencies":{"description":"Number of dependencies of the project","type":"number"},"type":{"description":"The package manager of the project","type":"string"}},"type":"object"},"Projects_filters":{"properties":{"filters":{"properties":{"attributes":{"$ref":"#/components/schemas/Project_attributes"},"isMonitored":{"description":"If set to `true`, only include projects which are monitored, if set to `false`, only include projects which are not monitored","type":"boolean"},"name":{"description":"If supplied, only projects that have a name that **starts with** this value will be returned","type":"string"},"origin":{"description":"If supplied, only projects that exactly match this origin will be returned","type":"string"},"tags":{"properties":{"includes":{"description":"A project must have all provided tags in order to be included in the response. A maximum of 3 tags can be supplied.","items":{},"type":"array"}},"type":"object"},"type":{"description":"If supplied, only projects that exactly match this type will be returned","type":"string"}},"type":"object"}},"type":"object"},"Provision_user":{},"PullRequestAssignment":{"properties":{"assignees":{"description":"an array of usernames that have contributed to the organization's project(s).","items":{},"type":"array"},"enabled":{"description":"if the organization's project(s) will assign Snyk pull requests.","type":"boolean"},"type":{"$ref":"#/components/schemas/AssignmentType"}},"type":"object"},"Remove_project_tag":{},"Repository":{"properties":{"alias":{"description":"deb, apk and rpm package managers should use an alias to indicate the target Operating System, for example 'debian:10'.","type":"string"}},"type":"object"},"SBTFile":{"properties":{"contents":{"description":"The contents of the file, encoded according to the `encoding` 
field.","type":"string"}},"required":["contents"],"type":"object"},"SemverObject":{"properties":{"unaffected":{"description":"The (semver) range of versions NOT vulnerable to this issue. *Deprecated* and should not be used.","type":"string"},"vulnerable":{"description":"The (semver) range of versions vulnerable to this issue.","type":"string"}},"type":"object"},"Simple_notification_setting_request":{"properties":{"enabled":{"description":"Whether notifications should be sent","type":"boolean"}},"required":["enabled"],"type":"object"},"Simple_notification_setting_response":{"allOf":[{"$ref":"#/components/schemas/Simple_notification_setting_request"},{"properties":{"inherited":{"description":"Whether the setting was found on the requested context directly or inherited from a parent","type":"boolean"}},"type":"object"}]},"Tag":{"properties":{"key":{"description":"Alphanumeric including - and _ with a limit of 30 characters","type":"string"},"value":{"description":"Alphanumeric including - and _ with a limit of 50 characters","type":"string"}},"type":"object"},"Tag_body":{"properties":{"key":{"description":"Valid tag key.","type":"string"},"value":{"description":"Valid tag value.","type":"string"}},"type":"object"},"Test_Counts":{"properties":{"results":{"description":"A list of test counts","items":{"properties":{"count":{"description":"The number of tests conducted","type":"number"},"isPrivate":{"properties":{"false":{"description":"The number of tests conducted against public projects","type":"number"},"true":{"description":"The number of tests conducted against private projects","type":"number"}},"type":"object"},"issuesPrevented":{"properties":{"false":{"description":"The number of tests that did not prevent issues from being introduced","type":"number"},"true":{"description":"The number of tests that prevented issues from being 
introduced","type":"number"}},"type":"object"}},"required":["count"],"type":"object"},"type":"array"}},"required":["results"],"type":"object"},"Test_counts":{},"Tests_Filters":{"properties":{"filters":{"properties":{"isPrivate":{"description":"If set to `true`, only include tests which were conducted against private projects, if set to `false` only include tests which were conducted against public projects","type":"boolean"},"issuesPrevented":{"description":"If set to `true`, only include tests which prevented issues from being introduced, if set to `false` only include tests which did not prevent issues from being introduced","type":"boolean"},"orgs":{"description":"The list of org IDs to filter the results by","items":{},"type":"array"},"projects":{"description":"The list of project IDs to filter issues by, max projects allowed is 1000","items":{},"type":"array"}},"required":["orgs"],"type":"object"}},"type":"object"},"The_Snyk_organization_for_a_request":{},"Update_member_roles_in_your_organization":{},"User_Details":{},"User_invitation_to_organization":{},"User_organization_notification_settings":{},"User_project_notification_settings":{},"Vulnerability":{"properties":{"CVSSv3":{"description":"Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability, and produce a numerical score reflecting its severity, as well as a textual representation of that score.","type":"string"},"alternativeIds":{"properties":{},"type":"object"},"creationTime":{"type":"string"},"credit":{"description":"The reporter of the vulnerability","properties":{},"type":"object"},"cvssScore":{"description":"CVSS Score.","type":"number"},"description":{"description":"The description of the vulnerability","type":"string"},"disclosureTime":{"type":"string"},"exploitMaturity":{"description":"Snyk exploit maturity for this issue. 
One of: `mature`, `proof-of-concept`, `no-known-exploit` or `no-data`.","type":"string"},"from":{"description":"Paths from which the vulnerable package is required in the code base.","properties":{},"type":"object"},"functions":{"description":"List of vulnerable functions inside the vulnerable packages.","items":{},"type":"array"},"identifiers":{"description":"Additional identifiers for this issue (CVE, CWE, etc).","properties":{},"type":"object"},"isPatchable":{"description":"Is a patch by Snyk available to fix this vulnerability?","type":"boolean"},"isPinnable":{"description":"Will pinning this package to a newer version fix the vulnerability?","type":"boolean"},"isUpgradable":{"description":"Will upgrading a top-level dependency fix the vulnerability?","type":"boolean"},"language":{"description":"The programming language for this package.","type":"string"},"modificationTime":{"type":"string"},"packageManager `npm`":{"type":"string"},"packageName":{"description":"The name of the vulnerable package.","type":"string"},"patches":{"description":"Patches to fix this issue, by Snyk.","items":{},"type":"array"},"publicationTime":{"type":"string"},"semver":{"$ref":"#/components/schemas/SemverObject"},"severity":{"description":"Snyk severity for this issue. 
One of: `critical`, `high`, `medium` or `low`.","type":"string"},"title":{"description":"The title of the vulnerability","type":"string"},"upgradePath":{"properties":{},"type":"object"}},"type":"object"},"Webhook":{},"Webhook_Collection":{},"YarnLockFile":{"properties":{"contents":{"type":"string"}},"type":"object"},"composer":{},"composer_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `composer.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target","additional"],"type":"object"}},"required":["files"],"type":"object"},"dep":{},"golangdep_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `Gopkg.toml` file, encoded according to the \"encoding\" field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target","additional"],"type":"object"}},"required":["files"],"type":"object"},"govendor_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the `vendor.json` file, encoded according to the \"encoding\" 
field.","properties":{"contents":{"type":"string"}},"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"graph_request_payload":{"properties":{"depGraph":{"$ref":"#/components/schemas/DepGraphData"}},"required":["depGraph"],"type":"object"},"ignorePath":{},"issueId":{},"monitor_graph_payload":{"properties":{"depGraph":{"$ref":"#/components/schemas/MonitorDepGraphData"},"meta":{"$ref":"#/components/schemas/MonitorMetaData"}},"required":["depGraph"],"type":"object"},"npm":{},"npm_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile can be sent (if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `package.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `package.json` as a string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"pip":{},"pip_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"description":"the `requirements.txt` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `requirements.txt` as a string, encoded according to `encoding` above.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"rubygems":{},"rubygems_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest 
files:","properties":{"target":{"description":"the `Gemfile.lock` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `Gemfile.lock` as a string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"sbt":{},"sbt_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"target":{"$ref":"#/components/schemas/SBTFile"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"},"vendor":{},"yarn":{},"yarn_request_payload":{"properties":{"encoding":{"description":"the encoding for the manifest files sent.","enum":["plain","base64"],"type":"string"},"files":{"description":"The manifest files:","properties":{"additional":{"description":"a lockfile can be sent (if needed), encoded according to the \"encoding\" field.","items":{},"type":"array"},"target":{"description":"the `package.json` file, encoded according to the \"encoding\" field.","properties":{"contents":{"description":"the contents of `package.json` as a string.","type":"string"}},"required":["contents"],"type":"object"}},"required":["target"],"type":"object"}},"required":["files"],"type":"object"}}}}