The Grunt JavaScript package was found to have an arbitrary code execution vulnerability caused by its use of the vulnerable `load()` function from the `js-yaml` package. The Snyk research team discovered the vulnerability while working to identify patterns of insecure coding practices, and developed a linter rule to detect it. George Gkitsas confirmed that the vulnerability was exploitable by building a proof of concept, and the Grunt package maintainer responded quickly, releasing a fix in under a week. This discovery highlights Snyk's efforts to empower developers to stay secure while leveraging open source in their development.
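
A sketch of the kind of lint check described above, as an added example (not Snyk's rule and not code from the Grunt project): it finds identifiers bound to `js-yaml` and reports calls to `load()` on them, while leaving `safeLoad()` calls alone. The regex approach, the function names and the sample source are assumptions constructed for illustration.

```javascript
// Added example: regex-based sketch of a lint check, not a full JS parser.

// Collect identifiers bound to the js-yaml module via require() or import.
function findYamlBindings(source) {
  const names = new Set();
  const patterns = [
    /(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*require\(\s*['"]js-yaml['"]\s*\)/g,
    /import\s+(?:\*\s+as\s+)?([A-Za-z_$][\w$]*)\s+from\s+['"]js-yaml['"]/g,
  ];
  for (const re of patterns) {
    for (const m of source.matchAll(re)) names.add(m[1]);
  }
  return names;
}

// Report every `<binding>.load(` call with its 1-based line number.
// `<binding>.safeLoad(` is not reported: the method name must be exactly `load`.
function findUnsafeYamlLoads(source) {
  const bindings = [...findYamlBindings(source)];
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const code = text.replace(/\/\/.*$/, ''); // naive: drop trailing line comments
    for (const name of bindings) {
      const id = name.replace(/\$/g, '\\$&'); // `$` is the only regex-special identifier char
      const call = new RegExp('(?<![\\w$.])' + id + '\\s*\\.\\s*load\\s*\\(');
      if (call.test(code)) findings.push({ line: i + 1, binding: name, text: text.trim() });
    }
  });
  return findings;
}

// Constructed sample source (hypothetical file, not Grunt's code).
const SAMPLE_SOURCE = [
  "var YAML = require('js-yaml');",
  "var fs = require('fs');",
  "function readConfig(path) {",
  "  return YAML.load(fs.readFileSync(path, 'utf8'));",
  "}",
  "function readConfigSafely(path) {",
  "  return YAML.safeLoad(fs.readFileSync(path, 'utf8'));",
  "}",
  "// YAML.load(legacy) was removed",
  "loader.load(plugin);",
].join('\n');

for (const f of findUnsafeYamlLoads(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: ${f.binding}.load() call: ${f.text}`);
}
```

Destructured imports such as `const { load } = require('js-yaml')` are outside what this sketch covers; an AST-based rule would be needed to follow them reliably.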