Tag
javascript-vulnerability-scanner
Safeguard articles tagged "javascript-vulnerability-scanner" — guides, analysis, and best practices for software supply chain and application security.
3 articles
AppSec
JavaScript Vulnerability Scanners: How They Actually Work
A javascript vulnerability scanner has to reason about a dynamically typed, dependency-heavy language — which is why the good ones combine static analysis with dependency-graph lookups rather than relying on either alone.
May 6, 20255 min read
Vulnerabilities
CVE-2019-8331: The Bootstrap XSS Vulnerability, Explained
CVE-2019-8331 let attackers inject script through Bootstrap's tooltip and popover template options, a pattern that recurred across several Bootstrap CVEs before 4.3.1 finally closed it.
May 21, 20244 min read
Vulnerabilities
CVE-2017-18214: Why an Old CVE Still Shows Up in Scans
CVE-2017-18214 is a ReDoS bug in Moment.js patched back in 2017, yet it keeps surfacing in scans years later because bundled copies and stale lockfiles never got the memo.
Apr 9, 20244 min read