Tag
cve-roundup
Safeguard articles tagged "cve-roundup" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Open Source Security
Node.js runtime CVE roundup
A roundup of Node.js runtime CVEs since 2024 — command injection, HTTP smuggling, permission bypasses, and why runtime flaws evade typical dependency scanners.
Nov 28, 20257 min read
Vulnerabilities
Notable CVEs of 2022: A Practitioner's Roundup
CVE-2022-31160 and a run of recursion-based denial-of-service bugs made 2022 a year defined less by exotic exploits and more by parsers that never expected deeply nested input.
Feb 14, 20245 min read
Vulnerabilities
Notable CVEs of 2023: A Practitioner's Roundup
From an OpenSSL IV-truncation flaw to a critical Babel code-execution bug, 2023's CVE crop is a good reminder that severity and blast radius don't always line up.
Jan 30, 20246 min read