Open Source Security
In-depth guides and analysis on open source security from the Safeguard engineering team.
404 articles
.NET deserialization vulnerability landscape
A look at the .NET deserialization vulnerability landscape — from the 2025 ASP.NET machine key crisis to BinaryFormatter's retirement and Telerik exploits.
NuGet typosquatting campaign report
Four disclosed NuGet typosquatting campaigns since 2024 reveal a shift toward patient, audience-specific attacks — from ICS time bombs to wallet-draining homoglyphs.
Compromised NuGet author accounts
NuGet maintainer accounts are the .NET supply chain's weakest link. Here's why account takeover beats typosquatting, and how to detect it before a CVE exists.
Most vulnerable .NET libraries report
Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.
ASP.NET Core vulnerability trends
A data-driven look at ASP.NET Core's recurring CVE patterns — DoS in Kestrel/SignalR, deserialization bugs, and NuGet supply chain risk — and how to triage what matters.
NuGet dependency confusion risk report
NuGet's default feed-resolution behavior keeps dependency confusion risk elevated across .NET orgs. Here's what the incident history shows, and how to close the gap.
Composer package vulnerability trends report
Composer package vulnerabilities rose 34% YoY, with 60%+ arriving via transitive dependencies. Safeguard breaks down the trends and what security teams should do.
Malicious Composer packages on Packagist
Three malicious Composer package campaigns hit Packagist in under a year -- each sitting undetected for months. Here's what happened and how to catch the next one faster.
WordPress plugin vulnerability trends
WordPress plugin CVEs keep climbing and exploitation windows keep shrinking. Here's what the latest vulnerability trends mean for security teams in 2026.
PHP object injection vulnerability landscape
Industry analysis of PHP object injection vulnerability trends, gadget chains, and real-world CVEs, plus how to find exploitable deserialization paths.
Packagist typosquatting report
A report on Packagist typosquatting campaigns targeting Composer/PHP packages, how attackers exploit install hooks, and how to detect them.
npm Provenance: Adoption Tracking in Late 2025
Two and a half years after npm provenance launched, adoption is climbing but uneven. Here is the late-2025 picture across the top packages and frameworks.