reachability-analysis
Safeguard articles tagged "reachability-analysis" — guides, analysis, and best practices for software supply chain and application security.
157 articles
Use-after-free vulnerabilities explained
Use-after-free bugs (CWE-416) power some of the worst zero-day exploit chains in browsers and kernels. Here's how they work and what stops them.
SSRF via webhooks explained
Webhook SSRF turns a trusted callback feature into an internal network foothold. Here is how the attack works, real incidents, and how to actually fix it.
Java deserialization gadget chains explained
Java deserialization gadget chains turn trusted classpath libraries into RCE. Learn how they work, key CVEs like CVE-2015-4852, and how to detect them.
npm prototype pollution trends report 2025
Safeguard's 2025 analysis of npm prototype pollution advisories reveals rising volume, deeper transitive exposure, and why reachability—not CVSS alone—now separates real risk from noise.
Most vulnerable npm packages of the year
Safeguard's 2026 mid-year analysis of the npm registry breaks down the packages driving the most risk and why the same names keep coming back.
Go vulnerability database (govulncheck) trend report
Go's vulnerability database is scaling fast and stdlib CVEs are clustering. Here's what govulncheck vulnerability trends reveal about reachability, typosquats, and risk.
Top vulnerable base images on Docker Hub
A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.
Distroless image security trend report
Distroless adoption is up nearly 3x since 2024, but Safeguard's 2026 scan data shows SBOM gaps, missed dependencies, and inflated CVE lists still undermine the hardening it promises.
Most vulnerable .NET libraries report
Safeguard's H1 2026 analysis of 41,000+ .NET repos reveals a small cluster of NuGet packages driving nearly half of all vulnerability findings—and most aren't even reachable.
ASP.NET Core vulnerability trends
A data-driven look at ASP.NET Core's recurring CVE patterns — DoS in Kestrel/SignalR, deserialization bugs, and NuGet supply chain risk — and how to triage what matters.
Most vulnerable PHP frameworks report
A data-driven look at CVEs across Laravel, Symfony, CodeIgniter, Yii2 & ThinkPHP reveals which PHP frameworks carry the most real-world exploitation risk.
Drupal module vulnerability trends
Contributed modules drive most Drupal risk today. Here's what the advisory trends show — and how reachability analysis changes triage.