
Disclosing a Command Injection Vulnerability in `git-checkout-tool`
Ever wondered how interactive CLI prompts can be a security disaster? Here's the case of git-checkout-tool and a command injection vulnerability.
A promising Git library turns into a security nightmare when it harbors command injection vulnerabilities. Learn how to avoid these risks in your Node.js applications.
Are you using the Nuxt MDC library to render LLM-generated content in your Nuxt.js apps? You'll want to read this article to understand how I came to find a Cross-site Scripting vulnerability identified today as CVE-2025-24981.
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
Don't let vulnerabilities slow you down: Introducing is-my-node-vulnerable, the Node.js vulnerability scanner. Securing your Node.js applications in production is crucial. This blog post explores is-my-node-vulnerable, a free and easy-to-use scanner developed by Node.js expert Rafael Gonzaga.