View exploits

An exploit is a demonstration of how a vulnerability can be taken advantage of. When an exploit is widely published, it is commonly referred to as an exploit "in the wild".

You can:

View exploits in Projects

In the Snyk web UI, go to the detailed Projects page for any of your projects; exploit information is available for each issue found in that Project:

View exploits in Projects

Filter by exploit maturity

You can filter detected issues in your Projects by exploit maturity, to see whether a specific vulnerability has an exploit in the wild, and if so, how mature that exploit is.

This way, you can prioritize and attend to the most important and risky vulnerabilities first.

The filter appears as follows:

Filter issues by exploit maturity
  • Mature: Snyk has a published code exploit for this vulnerability.

  • Proof of concept: Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability. Note: Proof of Concept vulnerability patches cannot be disabled and will appear in fix PRs where they are found.

  • No known exploit: Snyk did not find a proof-of-concept or a published exploit for this vulnerability.

  • No data: The issue is not a vulnerability (but rather, a license issue or a vulnerability advisory).

View exploits in Reports

You can also view exploit information from Reports.

View exploits in Reports

How it works: how exploits are determined

Information about an exploit's existence and status is collected from various sources.

The security analysts at Snyk hand-curate information on new exploits, and an automated process explores structured and unstructured data from multiple exploit sources.

Examples of structured data are the Known Exploited Vulnerabilities Catalog by CISA (Cybersecurity and Infrastructure Security Agency), Exploit DB, and others. Examples of unstructured data are blogs, forums, and social media sites like Twitter.
