cve-analysis
Safeguard articles tagged "cve-analysis" — guides, analysis, and best practices for software supply chain and application security.
134 articles
Reachability analysis for vulnerability prioritization
Most CVEs your scanner flags are never executed. See how reachability analysis filters noise, how Socket.dev approaches it, and how Safeguard finds real risk.
Apache Struts remote code execution CVE history
A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.
Filesystem takeover vulnerabilities in the npm package manager
How npm and node-tar "filesystem takeover" CVEs let malicious packages overwrite files via symlinks and path traversal during install.
Understanding zero-day vulnerabilities and incident response
A concrete look at zero-day vulnerabilities and incident response, using Log4Shell, MOVEit, and CISA KEV data to explain how fast defenders must move.
WebExtension vulnerabilities in React DevTools and Vue.js DevTools
CVE-2023-5654 and CVE-2023-5718 exposed 5M+ React and Vue devtools users to postMessage flaws. Here's how devtools extensions became supply chain risk.
Container security best practices checklist
A practical container security checklist covering base images, scanning limits, runtime risk, and why CVE scans like Trivy alone miss most real supply chain threats.
Container escape attacks: how they happen and how to prev...
Container escapes rarely need a zero-day — privileged flags, mounted sockets, and excess capabilities do the job. Here's how they happen, real CVEs, and how to stop them.
Software supply chain attacks: how they work and recent e...
Software supply chain attacks like SolarWinds, xz-utils, and polyfill.io bypass vulnerability scanners entirely. Here's how they work and where provenance verification fills the gap.
162 vulnerabilities disclosed in Java's top 10 libraries
Safeguard's H1 2026 analysis found 162 CVEs across Java's ten most-downloaded libraries, with critical RCE risk concentrated in Tomcat and Spring.
What is a Zero-Day Vulnerability
A zero-day vulnerability is exploited before a patch exists. See real cases like Log4Shell and MOVEit, and how to cut response time.
What is Command Injection
Command injection lets attackers run OS commands through unsanitized input. Learn how it works, real CVEs like Shellshock and PAN-OS, and how to prevent it.
What is Privilege Escalation
Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.