Vulnerabilities

Why npm lockfiles can be a security blindspot for injecting malicious modules

I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident ...

Sequelize ORM npm library found vulnerable to SQL Injection attacks

Object-Relational Mappers, also commonly referred to as ORMs, are a set of SQL libraries that help developers manage their database ...

Code execution back door found in Ruby's rest-client library

On August 19th, 2019 rest-client, a simple HTTP and REST client for Ruby, reported a new security threat. A maintainer’s ...

Jackson Deserialization Vulnerability

On July 29th, 2019 a high severity Deserialization of Untrusted Data vulnerability ( CVE-2019-14379, CVE-2019-14439) affecting all versions of com.fasterxml.jackson.core:jackson-databind ...

A year-old dormant malicious remote code execution vulnerability discovered in Webmin

On August 17, 2019, the Webmin team announced the release of Webmin 1.930 and Usermin 1.780. These releases address a ...

Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities in .NET ecosystem

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

.NET open source security insights

Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open ...

Concerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_password

On July 5th, 2019, the CVE-2019-13354 security advisory was published for a malicious version of the strong_password Ruby gem which ...