Understand your vulnerabilities
Recap: You have viewed and understood scanned Projects; now you can look at the details of vulnerabilities in that Project.

First, open a target to see your Snyk Projects:
Next, click on a Snyk Project in that list to see details of the vulnerabilities found in that Project.
For example, for a code analysis scanned by Snyk Code:
See View project information for more details.

Now, look at the vulnerability information for each Snyk Project, provided in Issue Cards:
Again, there is a lot of information here, so take the time to understand how each element of the Issue Card relates to your vulnerability; this helps you decide which fix actions to take.
For details, see Issue card information (docs) and Understand issue components (training).

Snyk provides detailed resources for more information about vulnerabilities, accessible directly from the card:
  • Snyk Vulnerability Database: access details on a specific vulnerability.
  • Snyk Learn: access general information about that type of vulnerability.

For Open Source and Container vulnerabilities, click on the Snyk vulnerability Identifier (on the right of the Severity Level) to access detailed Snyk Vulnerability Database information for that vulnerability, as defined by Snyk. For example:
For this example, click on the Snyk vulnerability Identifier to see how Hibernate core and its libraries are vulnerable to SQL injection:
Snyk Code and Snyk IaC issue cards have separate information sets for these areas.

To research more about a vulnerability, click Learn about this type of vulnerability to access Snyk Learn security educational materials:
For example, see Snyk Learn SQL injection for more details about this type of vulnerability.

The Snyk Priority Score, ranging from 0 - 1,000, is our evaluation of the seriousness of the vulnerability. The Snyk Priority Score includes CVSS (Common Vulnerability Scoring System) information, and other factors such as attack complexity and known exploits. For example, this Hibernate vulnerability has no known exploit allowing attackers to take advantage of that vulnerability.
Other factors also affect the score. For example, SQL injections are easy to run (you just need a web browser and submit a form), which increases the score, but it takes more work to understand and exploit the results of that attack, which decreases the score.

For open source library scans by Snyk Open Source, you can also access fix and dependency information in the Fixes and Dependencies tabs of your Project results.

Snyk's knowledge of the transitive dependencies in your project makes it possible for Snyk to offer fix advice, in the Fixes tab:
See Fixing vulnerabilities for more details.

Snyk uses the package manager of your application to build the dependency tree and display it in the Dependencies tab of the project view:
Click the file tree icon to build the dependency tree, showing which components introduce a vulnerability. This helps you understand how the dependency was introduced to the application:
For example, the above screenshot shows a vulnerability based on the transitive dependency [email protected], brought in from the direct dependency [email protected] 1.9.0.
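The Priority Score and the dependency path shown in the Issue Card are also available outside the web UI. The following added example (not part of this Snyk documentation) triages a constructed sample in the shape of `snyk test --json` output: it sorts issues by Priority Score and, for each, reports the direct dependency that introduced the vulnerable package and whether an upgrade fix exists. The field names `vulnerabilities`, `priorityScore`, `from`, `isUpgradable` and `fixedIn` are assumed to match the CLI output; the issue IDs and package names are constructed.

```python
import json

# Constructed sample shaped like `snyk test --json` output (field names assumed).
# "from" lists the path from the scanned project, through the direct dependency,
# down to the vulnerable package.
SAMPLE_SNYK_JSON = """
{
  "vulnerabilities": [
    {"id": "SNYK-EXAMPLE-1", "title": "SQL Injection", "severity": "high",
     "priorityScore": 589, "isUpgradable": true, "fixedIn": ["5.4.24"],
     "from": ["my-app@1.0.0", "direct-lib@1.9.0", "orm-core@5.4.0"]},
    {"id": "SNYK-EXAMPLE-2", "title": "Regular Expression Denial of Service",
     "severity": "medium", "priorityScore": 410, "isUpgradable": false, "fixedIn": [],
     "from": ["my-app@1.0.0", "direct-lib@1.9.0", "util@2.0.0", "regex-lib@1.0.0"]},
    {"id": "SNYK-EXAMPLE-3", "title": "Prototype Pollution", "severity": "critical",
     "priorityScore": 720, "isUpgradable": true, "fixedIn": ["4.17.21"],
     "from": ["my-app@1.0.0", "direct-lib@1.9.0"]}
  ]
}
"""


def summarize_issues(raw_json: str) -> list:
    """Return issues sorted by descending Priority Score, with the path that introduced each."""
    data = json.loads(raw_json)
    rows = []
    for v in data.get("vulnerabilities", []):
        path = v.get("from", [])
        # path[0] is the scanned project itself; path[1] is the direct dependency;
        # path[-1] is the package that actually carries the vulnerability.
        direct = path[1] if len(path) > 1 else None
        vulnerable = path[-1] if path else None
        rows.append({
            "id": v["id"],
            "title": v["title"],
            "severity": v["severity"],
            "score": v.get("priorityScore", 0),
            "direct_dependency": direct,
            "vulnerable_package": vulnerable,
            "transitive": len(path) > 2,       # True when pulled in indirectly
            "upgradable": bool(v.get("isUpgradable")),
            "fixed_in": v.get("fixedIn", []),
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in summarize_issues(SAMPLE_SNYK_JSON):
        print(f'{r["score"]:4d} {r["severity"]:8s} {r["id"]}: {r["title"]} '
              f'in {r["vulnerable_package"]} via {r["direct_dependency"]} '
              f'(transitive={r["transitive"]}, upgradable={r["upgradable"]}, fixed in {r["fixed_in"]})')
```

Replace the constructed sample with the real `snyk test --json` output of your own Project to get the same ordering the Issue Cards use.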

Now that you understand your vulnerability information, you can decide how to fix it.