Snyk Intel Vulnerability DB

Empowering agile development teams with trusted data and insights to rapidly secure open source code

Snyk Intel Vulnerability DB is the most advanced and accurate open source vulnerability database in the industry. Continuously curated by an experienced Security Research Team, the Snyk Intel Vulnerability DB maintains its high standards which enable your teams to be optimally efficient at containing open source security issues while maintaining their focus on development.

Comprehensive security coverage

Best Coverage

The Snyk Intel database goes far beyond CVE vulnerabilities and other public databases, including many additional non-CVE vulnerabilities derived from numerous sources.

%
More vulnerabilities covered than the next largest publicly available commercial database

Know Sooner

Snyk exposes many vulnerabilities before they are added to public databases.

%
of the JavaScript vulnerabilities in NVD were added first to the Snyk database

Detect Faster

Because Snyk exposes many vulnerabilities before other sources, you can detect and correct issues faster.

days
faster identification of vulnerabilities in Snyk database than the next largest commercial database

Database sources

  • 01
    Enriched data from over 10 vulnerability databases

    Such as CVE, NVD and more. Data derived from these resources is analysed, tested and enriched, before being included in the database.

  • 02
    Dedicated proprietary research for new vulnerabilities:

    Our Security team works to uncover severe vulnerabilities in key components; 54 zero-day vulnerabilities were discovered in 2019.

  • 03
    Threat Intelligence systems:

    These systems listen to chatter on security bulletins, Jira boards, GitHub commits, etc., to automatically identify vulnerabilities that have yet to be reported. Previously surfaced vulnerabilities from this source include Apache Airflow and Marked.

  • 04
    Community relationship:

    Snyk collaborates with the community and operates bug bounties for new disclosures. This activity results in hundreds of community disclosures, such as f2e-server.

  • 05
    Collaboration with academia:

    The team partners with PhD academic labs such as Berkeley, Virginia Tech and Waterloo to exchange tools, methods and data. Findings are then exclusively disclosed by Snyk.

Team of security experts

Snyk’s security database is managed by a team of experts, researchers and analysts ensuring the database maintains a high level of accuracy with a low false-positive rate.

The Snyk database's authority has been validated by the leading security institutes. Snyk has been designated a CVE Numbering Authority, is a member of the Node foundation security membership group, and is a contributor member of OWASP.

The team is headed by Snyk’s co-founder, Danny Grander, a veteran security researcher. Previously, Danny built cyber solutions for government agencies, led vulnerability research and managed research and development teams. Danny is a competitor and frequent winner of CTFs at DefCon, CCC CTF and Google CTF.

Curated, enriched and actionable content

Hand-curated content and enriched metadata:
  • A detailed vulnerability description is offered, including hand-curated content and summaries, and code snippets where applicable.
  • All items in the database are analyzed and tested for their accuracy (version ranges, vulnerable method, etc).
  • CVSS score and vector are assigned to 100% of vulnerabilities.
Triage support:
  • Vulnerable functions called in runtime
    For issue prioritization, Snyk is able to alert when a vulnerable function is actually being called during the runtime of the application.
  • Exploitability
    Snyk indicates when a vulnerability has a published proof of concept showing how it can be exploited. Published exploit code serves as a good indicator of exploitability because it enables attackers to easily weaponize a vulnerability.

Powering security across the ecosystem

Powering Google Chrome

Powering vulnerability scanning in NodeSource N|Solid and Certified Modules

Security partner of Linux Foundation

Leif Dreizler Segment, Security Engineering

“Compared to other solutions we evaluated, Snyk had more comprehensive security coverage, better language support, and was easier to integrate with our development pipeline”
