Vulnerability InsightsConcerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_passwordJuly 7, 2019
Vulnerability InsightsSnyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodashJuly 5, 2019
Open Source SecurityServerless is great, but what about the security of my AWS Lambda functions and their dependencies?July 3, 2019
Vulnerability InsightsA Denial of Service vulnerability discovered in the Axios JavaScript package - affecting all versions of the popular HTTP clientMay 6, 2019
Open Source SecurityHow much do we really know about how packages behave on the npm registry?April 22, 2019
Vulnerability InsightsAfter three years of silence, a new jQuery prototype pollution vulnerability emerges once againApril 15, 2019
Vulnerability InsightsMalicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gemApril 4, 2019
Open Source Security78% of vulnerabilities are found in indirect dependencies, making remediation complexFebruary 26, 2019
Open Source Security81% believe developers should own security, but they aren’t well-equippedFebruary 26, 2019
Open Source Security88% increase in application library vulnerabilities over two yearsFebruary 26, 2019
Open Source SecurityReDoS vulnerabilities in npm spikes by 143% and XSS continues to growFebruary 26, 2019
Vulnerability InsightsA serious security flaw in runC can result in root privilege escalation in Docker and KubernetesFebruary 13, 2019
Vulnerability InsightsSevere security vulnerability in Bower’s zip archive extractionJanuary 31, 2019
