Safeguard
Tag

vulnerability-management

Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.

635 articles

Cloud Security

GitHub Actions workflow injection vulnerabilities

How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.

Nov 3, 20257 min read
Industry Analysis

Insecure Hash Algorithm Usage in Application Code

MD5 and SHA-1 collisions were proven broken decades ago, yet they still power passwords, checksums, and signatures in production code today. Here's why—and how to find them.

Oct 31, 20257 min read
Industry Analysis

Insecure Deserialization Prevention in Java with Deserial...

Java deserialization RCEs still hit production years after JEP 290 shipped filters. Here's how JEP 290/415 filters work, common rollout mistakes, and how Safeguard closes the gaps.

Oct 21, 20257 min read
Vulnerability Analysis

CVE-2021-23337: Command injection in lodash template func...

CVE-2021-23337 enables command injection via lodash's template function in versions before 4.17.21. Here's the CVSS context, timeline, and how to remediate it.

Oct 16, 20257 min read
Vulnerability Analysis

CVE-2021-44906: Prototype pollution in minimist

CVE-2021-44906 exposed a prototype pollution flaw in minimist versions before 1.2.6, letting attackers pollute Object.prototype via crafted parser keys.

Oct 16, 20257 min read
Vulnerability Analysis

CVE-2017-16137: ReDoS in debug package

CVE-2017-16137 is a ReDoS flaw in the debug npm package that can hang Node.js apps on crafted input. Here's what's affected and how to fix it.

Oct 16, 20258 min read
Comparisons

Snyk Vulnerability Scanning: How the Engine Actually Works

Snyk vulnerability scanning combines a proprietary vulnerability database with dependency-graph resolution and a separate static analysis engine for code — here's how each piece actually fits together.

Oct 15, 20255 min read
Vulnerability Analysis

CVE-2023-26159: SSRF/credential exposure in follow-redire...

CVE-2023-26159 shows how flawed URL parsing in follow-redirects let attackers trigger SSRF and leak Authorization headers across unintended hosts.

Oct 12, 20257 min read
Vulnerability Analysis

CVE-2020-7676: XSS in vue-template-compiler

CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.

Oct 10, 20257 min read
Vulnerability Analysis

CVE-2023-32314: Sandbox escape in vm2

CVE-2023-32314 let attackers escape the vm2 Node.js sandbox for remote code execution. Here's the CVSS 10.0 flaw, affected versions, timeline, and fixes.

Oct 10, 20258 min read
Vulnerability Analysis

CVE-2023-30547: Sandbox escape via Node custom inspect in...

CVE-2023-30547 lets attackers escape the vm2 Node.js sandbox via a crafted custom inspect method, achieving host code execution. Here's the impact, timeline, and fix.

Oct 10, 20258 min read
Vulnerability Analysis

CVE-2018-14574: Open redirect in Django CommonMiddleware

CVE-2018-14574 let attackers abuse Django CommonMiddleware's APPEND_SLASH redirect to send users to external, attacker-controlled domains.

Oct 9, 20257 min read
vulnerability-management (Page 39) — Safeguard Blog