Safeguard
Tag

vulnerability-analysis

Safeguard articles tagged "vulnerability-analysis" — guides, analysis, and best practices for software supply chain and application security.

360 articles

Vulnerability Analysis

Lodash prototype pollution vulnerabilities explained

A breakdown of lodash's prototype pollution CVEs (CVE-2018-3721, CVE-2019-10744, CVE-2020-8203), their impact, and concrete remediation steps.

May 2, 20267 min read
Vulnerability Analysis

Regular expression DoS in the ms npm package

A ReDoS flaw in the ubiquitous npm package ms (CVE-2015-8315) still surfaces in dependency scans today. Here's the impact, fix, and remediation steps.

May 2, 20267 min read
Vulnerability Analysis

CVE scoring inconsistencies across vulnerability databases

Why the same CVE can carry three different severity scores across NVD, GitHub, and vendor advisories — and how to prioritize anyway.

May 1, 20266 min read
Vulnerability Analysis

The NVD backlog and its impact on vulnerability management

The NVD backlog leaves thousands of CVEs unscored each month, forcing security teams to rethink how they prioritize and triage vulnerabilities.

May 1, 20266 min read
Vulnerability Analysis

Critical RCE via ImageMagick: hacking Docker containers

ImageTragick and CVE-2022-44268 show how one image-processing library keeps handing attackers shells and secrets inside Docker containers.

May 1, 20266 min read
Vulnerability Analysis

GHSA vs CVE vs OSV: comparing vulnerability identifier formats

A plain-language breakdown of CVE, GHSA, and OSV vulnerability identifiers, who assigns them, how they differ, and why one flaw can carry three IDs.

Apr 30, 20267 min read
Vulnerability Analysis

Reachability analysis for prioritizing vulnerabilities

Reachability analysis cuts vulnerability noise by 70-90% by tracing which CVEs are actually callable from your code, not just present in your dependency tree.

Apr 29, 20268 min read
Vulnerability Analysis

Aqua Vulnerability Database (AVD) explained

AVD powers Trivy's scan results, but it's a curated aggregator, not a primary source. Here's how it differs from NVD, where its gaps are, and how to close them.

Apr 27, 20267 min read
Vulnerability Analysis

How Trivy sources vulnerability data (NVD, vendor advisor...

Trivy's CVE data comes from NVD, GHSA, and distro trackers compiled into a periodic snapshot — not kube-hunter. Here's how the pipeline really works, and where it lags.

Apr 27, 20267 min read
Vulnerability Analysis

What is a Zero-Day Vulnerability

A zero-day vulnerability is exploited before a patch exists. See real cases like Log4Shell and MOVEit, and how to cut response time.

Apr 9, 20267 min read
Vulnerability Analysis

What is a CVE (Common Vulnerabilities and Exposures)

A CVE is a unique ID for a known security flaw, but how it's assigned, scored, and disclosed is far messier than the name suggests.

Apr 9, 20267 min read
Vulnerability Analysis

What is CVSS (Common Vulnerability Scoring System)

CVSS scores rate vulnerability severity from 0.0 to 10.0 — but a 9.8 doesn't mean exploitable in your app. Here's how the math and priorities really work.

Apr 8, 20266 min read
vulnerability-analysis (Page 3) — Safeguard Blog