Safeguard
Tag

supply-chain-security

Safeguard articles tagged "supply-chain-security" — guides, analysis, and best practices for software supply chain and application security.

1045 articles

Vulnerability Analysis

Git Heap Buffer Overflow via GIT_PUSH_OPTION_COUNT (CVE-2...

CVE-2022-39260 is a heap overflow in Git from an integer overflow in GIT_PUSH_OPTION_COUNT during git push. What changed, and how to remediate it.

Nov 27, 20257 min read
DevSecOps

Jenkins Script Security Sandbox Bypass Leading to RCE (CV...

CVE-2019-1003029 let attackers escape the Jenkins Script Security sandbox and execute arbitrary code via crafted Groovy pipeline scripts.

Nov 25, 20258 min read
DevSecOps

TeamCity Authentication Bypass Enabling Admin Account Cre...

CVE-2024-27198 lets unauthenticated attackers bypass TeamCity login and create admin accounts, with active exploitation and ransomware activity observed.

Nov 25, 20257 min read
Vulnerability Analysis

Helm 2 Tiller's Default Unauthenticated gRPC Endpoint (CV...

CVE-2019-18658 shows how Helm 2's Tiller ran an unauthenticated gRPC endpoint by default, letting network-adjacent attackers seize cluster-admin control.

Nov 24, 20257 min read
Vulnerability Analysis

Helm Chart Repository Index Cache Confusion Vulnerability...

CVE-2021-32690 is a Helm chart repository index cache confusion flaw fixed in 3.6.1 that could push users toward an unintended chart. Here's what matters.

Nov 24, 20258 min read
Vulnerability Analysis

SaltStack Authentication Bypass Behind Mass Salt-Master E...

CVE-2020-11651 let unauthenticated attackers hijack Salt masters, triggering mass exploitation within days of disclosure. Here is what happened and how to fix it.

Nov 23, 20257 min read
Vulnerability Analysis

Harbor Registry Privilege Escalation via Self-Registratio...

CVE-2019-16097 let attackers self-register as Harbor admins via a single API call. Here's the impact, affected versions, timeline, and how to remediate it.

Nov 22, 20257 min read
Vulnerability Analysis

Harbor Arbitrary File Overwrite via Chart Upload Path Tra...

CVE-2020-13788 let authenticated users overwrite arbitrary files on Harbor via path traversal in Helm chart uploads. Here's the impact, fix, and remediation steps.

Nov 22, 20258 min read
Open Source Security

RubyGems.org domain takeover risk report

RubyGems.org hasn't adopted the domain-resurrection defenses PyPI rolled out in 2025 — leaving a proven account-takeover technique open across the Ruby ecosystem.

Nov 21, 20257 min read
Open Source Security

Ruby supply chain security report

A report on Ruby supply chain security: malicious RubyGems campaigns, maintainer credential compromises, and 2025's RubyGems governance dispute.

Nov 21, 20257 min read
Open Source Security

Go module proxy vulnerability trends

A backdoor hid in Go's module proxy for 3+ years, and 63,000+ orphaned packages remain cached. Inside 2025's Go supply chain reckoning.

Nov 21, 20256 min read
Vulnerability Analysis

BuildKit Privileged Entitlement Check Bypass Enabling Hos...

CVE-2024-23653 lets malicious Dockerfiles bypass BuildKit's privileged entitlement check via the interactive containers API, escaping to the host.

Nov 20, 20258 min read
supply-chain-security (Page 63) — Safeguard Blog