View exploits

An exploit is a demonstration of how a vulnerability can be taken advantage of. When an exploit is widely published, it is commonly referred to as an exploit "in the wild."

This page explains how to View exploits in Projects and View exploits in Reports as well as How exploits are determined.

View exploits in Projects

In the Snyk web UI, navigate to the Project detail page for any of your Projects. Exploit information is shown for each issue found in that Project:

You can filter detected issues in your Projects by exploit maturity, to see whether a specific vulnerability has an exploit in the wild, and if so, how mature that exploit is. This helps you prioritize and attend to the most important and risky vulnerabilities first.

The filter has the following options:

• Mature: Snyk has a published code exploit for this vulnerability.

• Proof of concept: Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability. Proof of concept vulnerability patches cannot be disabled and will appear in fix PRs where they are found

• No known exploit: Snyk did not find a proof-of-concept or a published exploit for this vulnerability.

• No data: The issue is not a vulnerability, but a license issue or a vulnerability advisory.

View exploits in Reports

You can also view exploit information from Reports

How exploits are determined

Information about the existence and status of an exploit is collected from various sources.

The security analysts at Snyk curate information on new exploits and an automated process explores structured and unstructured data from multiple exploit sources.

Examples of structured data are the Known Exploited Vulnerabilities Catalog by CISA (Cybersecurity and Infrastructure Security Agency) Exploit DB. Examples of unstructured data include blogs, forums, and social media sites like Twitter.