ChatGPT Data Leak and Redis Race Condition Vulnerability That Remains Unfixed

By Ax Sharma on March 27, 2023 vulnerability

4 minute read time

Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.

Perception Versus Reality: a Data-Driven Look at Open Source Risk Management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, data, and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.

CVE-2022-31289: Neither Bug nor Vulnerability

By Michael Prescott on June 16, 2022 vulnerability

3 minute read time

A recent report of a Nexus Repository vulnerability is not a security concern and no software update is required. A look at the issue and similar concerns.

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability

3 minute read time

Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.

Top 5 Tomcat Vulnerabilities

By Sylvia Fronczak on June 12, 2019 vulnerability

3 minute read time

If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.

In the Dark about Software Supply Chain Vulnerabilities

By Matt Howard on May 16, 2019 vulnerability

2 minute read time

The Barium attacks, revealed earlier this month, highlight new, pervasive tactics that are exceptionally dangerous.

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

By Elisa Velarde on April 26, 2019 vulnerability

3 minute read time

In this month's Nexus Intelligence Insights we discuss a very popular component used by developers worldwide. Say hello to CVE-2019-0232, a remote code execution vulnerability.

Malicious Attacks On Open Source Are Going to Get Worse: Developers Need to Take Notice

By Sonal Thawani on April 19, 2019 vulnerability

2 minute read time

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, allowing hackers to poison the well, is going to get

Corrupting the Software Supply Chain: Lessons From the Bootstrap-sass Hack

By Elisa Velarde on April 09, 2019 vulnerability

2 minute read time

The boldness of bad actors is escalating in the world of open source software. From the event-stream / NPM incident in November of 2018, to the recent bootstrap-sass / Ruby Gems hack, bad actors are