News and Notes from the makers of Nexus | Sonatype Blog

PyPI Flooded with 1,275 Dependency Confusion Packages

By Ax Sharma on January 24, 2022 vulnerabilities

Popular Python open source software repository, PyPI has been flooded with over 1,200 dependency confusion packages by the same actor.

Read More...

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

By Mark Miller on March 20, 2018 Open Source

In this episode of the OWASP 24/7 Podcast Series, I speak with the research team at Semmle on how they discovered the Pivotal Spring framework vulnerability.

Read More...

Struts2 Exploited Again. Did Anyone Bother to Tell You?

By Brian Fox on March 10, 2017 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...

Did you wake up to an alert about the Java Deserialization vulnerability?

By Brian Fox on November 13, 2015 oss

This week I woke up to find several emails from Nexus Lifecycle indicating that the products in my portfolio were potentially vulnerable due to their inclusion of Apache commons-collection. If you

Read More...

Software composition analysis

Container + Infrastructure Security

CODE QUALITY ANALYSIS

Repository MANAGEMENT

Full Spectrum Platform

Plans & PRICING

For Professionals

For Industries

Content

CUSTOMER Portal

INtegrations & FREE TOOLS

About us

Contact Us

Sonatype Blog

PyPI Flooded with 1,275 Dependency Confusion Packages

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

Struts2 Exploited Again. Did Anyone Bother to Tell You?

Did you wake up to an alert about the Java Deserialization vulnerability?

Products

Free Tools

Solutions

Resources

Customer Portal

Company