# Understand your vulnerabilities

## **Introduction: see vulnerability details**

{% hint style="info" %}
**Recap**\
You have [viewed and understood scanned Projects](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/getting-started/walkthrough-code-repository-projects/view-your-first-snyk-projects); now you can look at the details of vulnerabilities in that Project.
{% endhint %}

### See your vulnerabilities

First, open a target to see your Snyk Projects:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2FhZmXW20m2WwYrJpzSYcB%2Fimage.png?alt=media&#x26;token=6a1294cb-790f-489e-bb3c-ae792c68d560" alt="View imported Projects"><figcaption><p>View imported Projects</p></figcaption></figure>

Next, select a Project in that list, to see details of the vulnerabilities found in that Project.

For example, for a **Code analysis** project scanned by Snyk Code:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-18b769bcc05fb945f294d0474283d842c1f7e288%2Fimage%20(75).png?alt=media" alt="Vulnerability example - Code analysis"><figcaption><p>Vulnerability example - Code analysis</p></figcaption></figure>

See [View project information](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/manage-issues/introduction-to-snyk-projects/view-project-information) for more details.

### View Issue Cards

Now, look at the vulnerability information for each Snyk Project, provided in Issue Cards:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-fe789c64ba01202012505ac6b5252fecd6e20402%2Fimage%20(13)%20(1).png?alt=media" alt="Vulnerability details Issue Card"><figcaption><p>Vulnerability details Issue Card</p></figcaption></figure>

Again, Issue Cards contain a lot of information, so take the time to understand how each item relates to your vulnerability; this helps you decide which fix actions to take.

For details, see [Issue card information](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/manage-issues/introduction-to-snyk-projects/issue-card-information).

### Access more vulnerability information

Snyk provides detailed resources for more information about vulnerabilities, accessible directly from the card:

* [**Snyk Vulnerability Database**](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/scan-application-code/snyk-open-source/starting-to-fix-vulnerabilities/using-the-snyk-vulnerability-database): access details on a specific vulnerability.
* [**Snyk Learn**](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/more-info/more-resources/snyk-learn): access general information about that type of vulnerability.

#### Access Snyk Vulnerability Database

For Open Source and Container vulnerabilities, click on the Snyk vulnerability Identifier (on the right of the Severity Level) to access detailed [Snyk Vulnerability Database](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/scan-application-code/snyk-open-source/starting-to-fix-vulnerabilities/using-the-snyk-vulnerability-database) information for that vulnerability, as defined by Snyk. For example:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2FAqaPY3eauZpcQ02Rcye7%2Fimage.png?alt=media&#x26;token=79355b4a-e8d8-4bff-b629-58d23c906952" alt="Access Snyk Vulnerability Database"><figcaption><p>Access Snyk Vulnerability Database</p></figcaption></figure>

For this example, click on the Snyk vulnerability Identifier to see how Hibernate core and its libraries are vulnerable to SQL injection:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-b4bd2161ca3811f4d9a0d5d02e0b3bf4197f8b8b%2Fimage%20(149)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(2).png?alt=media" alt="Snyk Vulnerability Database example entry"><figcaption><p>Snyk Vulnerability Database example entry</p></figcaption></figure>

{% hint style="info" %}
[Snyk Code](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/scan-application-code/snyk-code) and [Snyk IaC](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/scan-cloud-deployment/snyk-infrastructure-as-code) issue cards have separate information sets for these areas.
{% endhint %}

#### Access Snyk Learn

Click **Learn about this type of vulnerability** to access [Snyk Learn](https://learn.snyk.io/) security educational materials:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2FVEPPF492kz4czKTjvLiW%2Fimage.png?alt=media&#x26;token=e804d0b9-1633-4d74-a155-f39da796b0bb" alt="Access Snyk Learn from a vulnerability card"><figcaption><p>Access Snyk Learn from a vulnerability card</p></figcaption></figure>

For example, see [Snyk Learn SQL injection](https://learn.snyk.io/lessons/sql-injection/javascript/) for more details about this type of vulnerability.

{% hint style="info" %}
Some cards may not have Snyk Learn lessons available; if so, no links are presented.
{% endhint %}

### Understand the Snyk Priority Score

The [Snyk Priority Score](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/manage-issues/issue-management/priority-score), ranging from 0 - 1,000, is our evaluation of the seriousness of the vulnerability. The Snyk Priority Score includes [CVSS](https://www.first.org/cvss/calculator/3.1) (Common Vulnerability Scoring System) information, plus other factors such as attack complexity and known exploits. For example, this **Hibernate** vulnerability has no known exploit allowing attackers to take advantage of that vulnerability.

Other factors also affect the score. For example, SQL injections are easy to run (you just need a web browser and to submit a form), which increases the score, but it takes more work to understand and exploit the results of that attack, which decreases the score.

### Open source vulnerabilities: fixes and dependency information

For open-source library scans by Snyk Open Source, you can also access fix and dependency information in the **Fixes** and **Dependencies** tabs of your Project results.

#### Fixes tab

Snyk's knowledge of the transitive dependencies in your project makes it possible for Snyk to offer fix advice, in the **Fixes** tab:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-142fbc0d4a69423ed2f4bfe69aac12109bbb5089%2FScreenshot%202021-10-19%20at%2011.57.07.png?alt=media&#x26;token=6094978a-11e0-40fd-9ad0-c0956f382e91" alt="Fix advice for Open Source vulnerabilities"><figcaption><p>Fix advice for Open Source vulnerabilities</p></figcaption></figure>

See [Fix your first vulnerability](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/getting-started/walkthrough-code-repository-projects/fix-your-first-vulnerability) for more details.

#### Dependencies tab

Snyk uses the package manager of your application to build the dependency tree and display it in the **Dependencies** tab of the project view:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-7872f9fea57022c1f0266129c782f9cab3a32ea0%2Fimage%20(321).png?alt=media" alt="Dependencies for Open Source vulnerabilities"><figcaption><p>Dependencies for Open Source vulnerabilities</p></figcaption></figure>

Click the file tree icon (![](https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2FjZ1xohVJVLkcuCFiQgEt%2Fimage.png?alt=media\&token=81173326-799b-4fb8-9e16-92f375b7e3b4)) to build the dependency tree, showing which components introduce a vulnerability. This helps you understand how the dependency was introduced to the application:

<figure><img src="https://2533899886-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MdwVZ6HOZriajCf5nXH%2Fuploads%2Fgit-blob-95d06930a8c1e8f98958043a24183e83d6091b52%2Fimage23.png?alt=media" alt="Dependency tree details"><figcaption><p>Dependency tree details</p></figcaption></figure>

For example, the above screenshot shows a vulnerability based on the transitive dependency **qs\@2.2.4**, brought in from the direct dependency **body-parser\@1.9.0**.
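The same "how was this dependency introduced" question can be answered outside the UI by walking a resolved dependency tree. The following is an added example, not Snyk's code: it assumes a tree in the shape that `npm ls --all --json` prints, and the sample tree, the project name `example-app`, and the packages `example-http-lib` and `example-utils` are constructed for illustration.

```javascript
// Constructed sample tree in the shape of `npm ls --all --json` output.
// Only the body-parser@1.9.0 -> qs@2.2.4 edge comes from the text above;
// every other name and version here is hypothetical.
const tree = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "body-parser": {
      version: "1.9.0",
      dependencies: { qs: { version: "2.2.4" }, bytes: { version: "1.0.0" } },
    },
    "example-http-lib": {
      version: "0.3.0",
      dependencies: { qs: { version: "2.2.4" }, debug: { version: "2.0.0" } },
    },
    "example-utils": { version: "1.2.0" },
  },
};

// Return every path from the root project to name@version, one array per path.
function findIntroductionPaths(root, name, version) {
  const paths = [];
  const walk = (node, nodeName, trail) => {
    const here = [...trail, `${nodeName}@${node.version}`];
    if (nodeName === name && node.version === version) paths.push(here);
    for (const [depName, dep] of Object.entries(node.dependencies || {})) {
      walk(dep, depName, here);
    }
  };
  walk(root, root.name, []);
  return paths;
}

// Reduce the paths to the direct dependencies that pull the package in:
// these are the manifest entries you would upgrade or replace.
function directIntroducers(root, name, version) {
  const direct = findIntroductionPaths(root, name, version)
    .map((path) => path[1]) // path[0] is the root project itself
    .filter(Boolean);
  return [...new Set(direct)].sort();
}

for (const path of findIntroductionPaths(tree, "qs", "2.2.4")) {
  console.log(path.join(" > "));
}
console.log("Introduced by:", directIntroducers(tree, "qs", "2.2.4").join(", "));
```

A package reached through more than one direct dependency stays in the tree until every introducing path is upgraded, which is why listing all paths matters when planning a fix.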

### What's next?

Now you understand your vulnerability information, you can decide how to fix it.

See [Fix your first vulnerability](https://docs.snyk.io/~/changes/m2hJeDrttXy2N83AnRjM/getting-started/walkthrough-code-repository-projects/fix-your-first-vulnerability).
