Safeguard
Tag

open-source-security

Safeguard articles tagged "open-source-security" — guides, analysis, and best practices for software supply chain and application security.

341 articles

Open Source Security

PHP object injection vulnerability landscape

Industry analysis of PHP object injection vulnerability trends, gadget chains, and real-world CVEs, plus how to find exploitable deserialization paths.

Nov 13, 20258 min read
Open Source Security

Packagist typosquatting report

A report on Packagist typosquatting campaigns targeting Composer/PHP packages, how attackers exploit install hooks, and how to detect them.

Nov 13, 20257 min read
Open Source Security

Most vulnerable PHP frameworks report

A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.

Nov 12, 20258 min read
Buyer's Guides

Best open source project risk scoring tools

A practical buyer's guide comparing open source project risk scoring tools like OpenSSF Scorecard, Snyk, and Sonatype on signal quality and coverage.

Nov 12, 20258 min read
Open Source Security

Drupal module vulnerability trends

Contributed modules drive most Drupal risk today. Here's what the advisory trends show — and how reachability analysis changes triage.

Nov 12, 20256 min read
Open Source Security

Laravel security vulnerability trends

A data-driven look at recurring Laravel vulnerability patterns — debug-mode RCE, APP_KEY leaks, and Composer supply chain risk — and how to defend against them.

Nov 12, 20258 min read
Open Source Security

Cargo crate vulnerability trends report

RustSec advisories rose 38% year-over-year as crates.io passed 195,000 packages. A breakdown of where Cargo's supply-chain risk is concentrated in 2026.

Nov 12, 20257 min read
Open Source Security

Malicious Rust crates found on crates.io

Malicious crates keep surfacing on crates.io, from the rustdecimal typosquat to build-script payload attacks. Here's how the pattern works and how to defend against it.

Nov 11, 20257 min read
Open Source Security

Unsafe Rust code vulnerability patterns

RustSec advisories tied to unsafe code keep climbing. Here's how unsound FFI, transmute misuse, and unchecked indexing become real exploits.

Nov 11, 20257 min read
Open Source Security

Rust supply chain security landscape

Rust's crates.io has topped 170,000 packages and real attacks are following. Here's what's changed and how security teams should respond.

Nov 11, 20257 min read
Open Source Security

RustSec advisory database trend report

RustSec crossed 200 advisories by July 2026, revealing a shift from memory bugs to malicious typosquats, unsound "safe" APIs, and abandoned crates.

Nov 11, 20258 min read
Open Source Security

Typosquatting on crates.io report

Safeguard's research team scanned all of crates.io and flagged 312 likely typosquat candidates — here's what the data shows and how Rust teams should respond.

Nov 10, 20257 min read
open-source-security (Page 19) — Safeguard Blog