Synopsys Synopsys

  1. Vendors
  2. Synopsys

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Synopsys product.

RSS Feeds for Synopsys security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Synopsys products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Synopsys Sorted by Most Security Vulnerabilities since 2018

Synopsys Coverity2 vulnerabilities

Synopsys Black Duck Hub1 vulnerability

Synopsys Code Dx1 vulnerability

Synopsys Hub Rest Api Python1 vulnerability

Synopsys Seeker1 vulnerability

Synopsys Seeker Iast Service Broker1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Synopsys. Synopsys did not have any published security vulnerabilities last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 1 5.40
2023 3 7.07
2022 1 6.10
2021 0 0.00
2020 1 7.50
2019 1 7.80

It may take a day or so for new Synopsys vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Synopsys Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-0226 Jan 09, 2024
Synopsys Seeker v<2023.12.0: Stored XSS Vulnerability Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.
Seeker
CVE-2023-2158 Apr 27, 2023
Code Dx <2023.4.2: User Impersonation via Hard-Coded Cipher in Remember Me Token Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user.  Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Code Dx
CVE-2023-1663 Mar 29, 2023
Coverity < 2023.3.2: Forced Browsing via insecure servlet mapping Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
Coverity
CVE-2023-23849 Feb 06, 2023
Coverity Connect <2022.12.0 Unauth XSS via Subdomain Cookie Attack Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C
Coverity
CVE-2022-30278 May 10, 2022
A vulnerability in Black Duck Hubs embedded MadCap Flare documentation files could A vulnerability in Black Duck Hubs embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare's framework embedded within Black Duck Hub's Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information.
Black Duck Hub
CVE-2020-27589 Nov 06, 2020
Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases.
Hub Rest Api Python
CVE-2019-3800 Aug 05, 2019
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.
Seeker Iast Service Broker
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.