vulnerability-management
Safeguard articles tagged "vulnerability-management" — guides, analysis, and best practices for software supply chain and application security.
635 articles
GitHub Actions workflow injection vulnerabilities
How GitHub Actions workflow injection lets attackers hijack CI pipelines via untrusted input, real CVEs like CVE-2025-30066, and how to detect it.
Insecure Hash Algorithm Usage in Application Code
MD5 and SHA-1 collisions were proven broken decades ago, yet they still power passwords, checksums, and signatures in production code today. Here's why—and how to find them.
Insecure Deserialization Prevention in Java with Deserial...
Java deserialization RCEs still hit production years after JEP 290 shipped filters. Here's how JEP 290/415 filters work, common rollout mistakes, and how Safeguard closes the gaps.
CVE-2021-23337: Command injection in lodash template func...
CVE-2021-23337 enables command injection via lodash's template function in versions before 4.17.21. Here's the CVSS context, timeline, and how to remediate it.
CVE-2021-44906: Prototype pollution in minimist
CVE-2021-44906 exposed a prototype pollution flaw in minimist versions before 1.2.6, letting attackers pollute Object.prototype via crafted parser keys.
CVE-2017-16137: ReDoS in debug package
CVE-2017-16137 is a ReDoS flaw in the debug npm package that can hang Node.js apps on crafted input. Here's what's affected and how to fix it.
Snyk Vulnerability Scanning: How the Engine Actually Works
Snyk vulnerability scanning combines a proprietary vulnerability database with dependency-graph resolution and a separate static analysis engine for code — here's how each piece actually fits together.
CVE-2023-26159: SSRF/credential exposure in follow-redire...
CVE-2023-26159 shows how flawed URL parsing in follow-redirects let attackers trigger SSRF and leak Authorization headers across unintended hosts.
CVE-2020-7676: XSS in vue-template-compiler
CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.
CVE-2023-32314: Sandbox escape in vm2
CVE-2023-32314 let attackers escape the vm2 Node.js sandbox for remote code execution. Here's the CVSS 10.0 flaw, affected versions, timeline, and fixes.
CVE-2023-30547: Sandbox escape via Node custom inspect in...
CVE-2023-30547 lets attackers escape the vm2 Node.js sandbox via a crafted custom inspect method, achieving host code execution. Here's the impact, timeline, and fix.
CVE-2018-14574: Open redirect in Django CommonMiddleware
CVE-2018-14574 let attackers abuse Django CommonMiddleware's APPEND_SLASH redirect to send users to external, attacker-controlled domains.