Safeguard
Tag

reachability-analysis

Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.

157 articles

Vulnerability Analysis

Use-after-free vulnerabilities explained

Use-after-free bugs (CWE-416) power some of the worst zero-day exploit chains in browsers and kernels. Here's how they work and what stops them.

Dec 11, 20257 min read
Vulnerability Analysis

SSRF via webhooks explained

Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.

Dec 4, 20257 min read
Vulnerability Analysis

Java deserialization gadget chains explained

Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.

Dec 2, 20256 min read
Open Source Security

npm prototype pollution trends report 2025

Safeguard's 2025 analysis of npm prototype pollution advisories reveals rising volume, deeper transitive exposure, and why reachability—not CVSS alone—now separates real risk from noise.

Dec 1, 20257 min read
Open Source Security

Most vulnerable npm packages of the year

Safeguard's 2026 mid-year analysis of the npm registry breaks down the packages driving the most risk and why the same names keep coming back.

Nov 29, 20257 min read
Open Source Security

Go vulnerability database (govulncheck) trend report

Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.

Nov 20, 20257 min read
Container Security

Top vulnerable base images on Docker Hub

A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.

Nov 18, 20257 min read
Container Security

Distroless image security trend report

Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.

Nov 16, 20257 min read
Open Source Security

Most vulnerable .NET libraries report

Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.

Nov 14, 20258 min read
Open Source Security

ASP.NET Core vulnerability trends

A data-driven look at ASP.NET Core's recurring CVE patterns — DoS in Kestrel/SignalR, deserialization bugs, and NuGet supply chain risk — and how to triage what matters.

Nov 14, 20257 min read
Open Source Security

Most vulnerable PHP frameworks report

A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.

Nov 12, 20258 min read
Open Source Security

Drupal module vulnerability trends

Contributed modules drive most Drupal risk today. Here's what the advisory trends show — and how reachability analysis changes triage.

Nov 12, 20256 min read
reachability-analysis (Page 12) — Safeguard Blog