-
We use `pycrypto` for AES encryption, but we should use `cryptography` instead for the following reasons:
- `pycrypto` is a dead project with its last commit in 2014
- multiple outstanding exploits (CVE-2013-…
-
See for instance this https://www.cvedetails.com/product/34754/C-ares-Project-C-ares.html?vendor_id=15926
-
Project is out of date and needs to be updated to use the latest node-gyp and any LTS release. We are about 2 years past v0.10 and this needs to be corrected asap. There are a few XSS attacks in the o…
-
https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-235668/PHP-PHP-7.2.0.html
-
Hi there,
Thanks for this nice library. It might be good to mention in the readme that the whole CT family is insecure, so that people don't develop incorrect expectations (your library is great, …
-
Once we have determined which components are critical for the build process on each platform, we should use this information to determine policies regarding how/when/if to perform updates or mitigate th…
sxa updated
11 months ago
-
My apologies if I'm just missing it, but it seems like this page lacks info on CPU vulnerabilities and the existence and effectiveness of mitigations of these in the latest mainline kernel: https://gi…
ell1e updated
1 month ago
-
https://www.owasp.org/index.php/Top_10_2013-Top_10
http://www.cvedetails.com/vendor/12043/Rubyonrails.html
We should begin to learn from the lessons of other web frameworks and review our own code fo…
-
Hello, does this script have the vulnerabilities of NexusPHP 1.5.beta5.20120707 fixed?
https://www.cvedetails.com/vulnerability-list/vendor_id-16849/Nexusphp.html
-
See https://groups.google.com/g/golang-announce
This is unstructured data, but we need it anyway.