The curious case of 'csrf-magic': A case study in supply chain poisoning

By Ax Sharma on February 27, 2024 vulnerability

5 minute read time

Learn how a so-called code injection vulnerability was in fact a backdoor in an open source component, csrf-magic, to help secure your application against Cross-Site Request Forgery attacks.
Read More...

Exploited Ivanti Connect SSRF vulnerability traced back to 'xmltooling' OSS library

By Ax Sharma on February 05, 2024 vulnerability

5 minute read time

It might be a little known fact that one of the high severity zero-days found in Ivanti devices is actually present in an open source component that the company has deployed in its products. Ivanti's
Read More...

Top 10 open source projects hit by HTTP/2 'Rapid Reset' zero-day

By Ax Sharma on October 12, 2023 vulnerability

3 minute read time

Discover ten open source packages affected by the HTTP/2 Rapid Reset vulnerability, disclosed by Cloudflare this week
Read More...

PyPI attackers still at it: Malicious packages drop trojans and info-stealers

By Ax Sharma on June 22, 2023 vulnerability

3 minute read time

Sonatype's malicious open source and malware detection systems found hundreds of malicious PyPI packages.
Read More...

ChatGPT data leak and Redis race condition vulnerability that remains unfixed

By Ax Sharma on March 27, 2023 vulnerability

5 minute read time

Last week's OpenAI payment data and chat history leak involved a Race Condition vulnerability in an open source component, Redis.
Read More...

Perception versus reality: A data-driven look at open source risk management

By Luke Mcbride on November 11, 2022 vulnerability

2 minute read time

Get insights, background, and data and key takeaways from the 8th Annual State of the Software Supply Chain report. Hosted by Dr. Stephen Magill.
Read More...

CVE-2022-31289: Neither bug nor vulnerability

By Michael Prescott on June 16, 2022 vulnerability

3 minute read time

A recent report of a Nexus Repository vulnerability is not a security concern and no software update is required. A look at issue and similar concerns.
Read More...

Nexus Intelligence Insights: Protect Your Bitcoin from 700+ Malicious RubyGems with sonatype-2020-0196

By Ax Sharma on April 23, 2020 vulnerability

3 minute read time

Crafty attackers take advantage of the open source software supply chain through typographical errors. Not even the most sophisticated devs are immune.
Read More...

Top 5 Tomcat Vulnerabilities

By Sylvia Fronczak on June 12, 2019 vulnerability

3 minute read time

If you spend time monitoring and patching OSS projects, you know Tomcat has some vulnerabilities. Today, Tomitribe walked us through 5 of those vulnerabilities.
Read More...