Safeguard
Topic

Vulnerability Analysis

In-depth guides and analysis on vulnerability analysis from the Safeguard engineering team.

568 articles

Vulnerability Analysis

Apache Struts remote code execution CVE history

A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.

May 4, 20267 min read
Vulnerability Analysis

Zip Slip: archive extraction path traversal explained

Zip Slip lets malicious archives write files outside their extraction folder via ../ paths — how it works, real CVEs, and how to detect and fix it.

May 3, 20267 min read
Vulnerability Analysis

jQuery prototype pollution vulnerability re-emerges

jQuery's prototype pollution flaw (CVE-2019-11358) keeps surfacing in 2026 dependency scans. Here's why it persists and how to remediate it.

May 2, 20268 min read
Vulnerability Analysis

Lodash prototype pollution vulnerabilities explained

A breakdown of lodash's prototype pollution CVEs (CVE-2018-3721, CVE-2019-10744, CVE-2020-8203), their impact, and concrete remediation steps.

May 2, 20267 min read
Vulnerability Analysis

Regular expression DoS in the ms npm package

A ReDoS flaw in the ubiquitous npm package ms (CVE-2015-8315) still surfaces in dependency scans today. Here's the impact, fix, and remediation steps.

May 2, 20267 min read
Vulnerability Analysis

Filesystem takeover vulnerabilities in the npm package manager

How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.

May 1, 20267 min read
Vulnerability Analysis

CVE scoring inconsistencies across vulnerability databases

Why the same CVE can carry three different severity scores across NVD, GitHub, and vendor advisories — and how to prioritize anyway.

May 1, 20266 min read
Vulnerability Analysis

The NVD backlog and its impact on vulnerability management

The NVD backlog leaves thousands of CVEs unscored each month, forcing security teams to rethink how they prioritize and triage vulnerabilities.

May 1, 20266 min read
Vulnerability Analysis

Critical RCE via ImageMagick: hacking Docker containers

ImageTragick and CVE-2022-44268 show how one image-processing library keeps handing attackers shells and secrets inside Docker containers.

May 1, 20266 min read
Vulnerability Analysis

GHSA vs CVE vs OSV: comparing vulnerability identifier formats

A plain-language breakdown of CVE, GHSA, and OSV vulnerability identifiers, who assigns them, how they differ, and why one flaw can carry three IDs.

Apr 30, 20267 min read
Vulnerability Analysis

Understanding zero-day vulnerabilities and incident response

A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.

Apr 30, 20266 min read
Vulnerability Analysis

Reachability analysis for prioritizing vulnerabilities

Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.

Apr 29, 20268 min read
Vulnerability Analysis (Page 7) — Supply Chain Security Blog | Safeguard