The Snyk CLI and IDE plugins have been found to contain two medium-severity vulnerabilities (CVSSv3 5.8) that can lead to arbitrary code execution on the host system. The first, CVE-2022-24441, is a code injection vulnerability in the Snyk CLI and Snyk IDE plugins; the second, CVE-2022-22984, is a command injection vulnerability in the Snyk CLI. To mitigate these risks, users are advised to upgrade their plugins to versions with project trust features and to follow best-practice advice for scanning untrusted code. The vulnerabilities were discovered through a responsible disclosure process by Imperva and do not pose an immediate critical risk, but good hygiene is still recommended. Users can find more information on the Snyk Support portal.