Critical Alert: CVE-2025-27817 in Apache Kafka Client

Lev Pachmanov
June 12, 2025
A security flaw in Apache Kafka could let attackers access and expose sensitive information. If an attacker can control certain configuration settings, specifically sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, they could trick the system into reading local files or environment variables and revealing their contents.
CVE-2025-47949 in Samlify: How Signature Wrapping Threatens SAML SSO Security

Itamar Sher
May 22, 2025
A critical vulnerability, CVE-2025-47949, has emerged in samlify, a widely used Node.js library that implements SAML 2.0 Single Sign-On (SSO). This flaw, known as a Signature Wrapping attack, allows attackers to forge authentication responses, bypassing login protections and potentially impersonating any user, including administrators.

A Link To The Past: Uncovering a New Vulnerability in tar-fs
Ben Bader
April 7, 2025
We uncover a critical security flaw in tar-fs, a widely used Node.js package, and show how it could lead to remote code execution. Learn how the bug was missed, how it works, and what we did to fix it.

Navigating PCI DSS 4.0: What You Need to Know Before the March 31st Deadline

Itamar Sher
March 24, 2025
On March 31, 2025, the Payment Card Industry Data Security Standard (PCI DSS) will evolve to address the growing complexity of cybersecurity threats, introducing significant updates to vulnerability management requirements. Learn how to stay compliant.
Seal Security and Socket Team Up to Fix Critical npm Overrides

Alon Navon
March 12, 2025
npm’s overrides feature was meant to give developers control over transitive dependencies but instead introduced inconsistencies—sometimes reverting to vulnerable versions. Seal Security identified the issue in 2023, but it took nearly two years and community effort to get a fix merged. Now, with npm 11.2.0, overrides finally works as intended.
Seal Security Joins Snyk Technology Alliance Partner Program

Itamar Sher
March 6, 2025
Seal Security is excited to announce it’ll join Snyk’s Technology Alliance Partner Program, to provide a seamless integration and product experience for Snyk customers who want to streamline their open source vulnerability patching efforts using Seal’s solution.

Announcing Seal OS: Vulnerability Remediation for Any Linux

Itamar Sher
February 25, 2025
Seal OS is the first holistic solution designed to automatically fix vulnerabilities in both Linux operating systems and application code.

Safeguarding Legacy Applications: Unlocking the Power of Seal Security

Lev Pachmanov
December 16, 2024
Legacy applications remain a persistent reality in production environments, and cybersecurity teams must confront the challenges they pose. Seal Security offers a solution to help businesses easily and effectively mitigate vulnerabilities and protect critical assets.

Rebuilding the Past: How Seal Security Uses an NPM Time Machine to Patch Node.js Libraries

Lev Pachmanov
December 10, 2024
Open source libraries often depend on specific versions of other libraries, and those dependencies might have changed over time. When a library was built years ago, the environment it depended on no longer exists in its original form. Package managers like npm are designed to handle these kinds of issues by allowing version ranges for dependencies. So, how do we ensure we have the exact versions of every dependency when trying to fix old libraries?

Empowering Security Teams: Independent Open source vulnerability remediation

Alon Navon
December 3, 2024
Traditional open source vulnerability remediation is a significant bottleneck in modern security. Organizations often grapple with hundreds or thousands of high and critical vulnerabilities, yet the process of upgrading dependencies is a manual, time-consuming, and error-prone task, heavily reliant on developers.

Curated OSS Catalogs: Enhancing Security and Efficiency in Software Development

Itamar Sher
August 30, 2024
Organizations are increasingly relying on open source software (OSS) to accelerate development and innovation. However, with great power comes great responsibility – and in this case, significant security risks. Enter the curated OSS catalog, a solution that ensures secure-by-default OSS usage. Let’s explore what a curated OSS catalog is and who stands to benefit from one.

Keeping Your Open Source Dependencies Vulnerability-Free: Beyond Version Chasing

Alon Navon
May 30, 2024
This blog post explores the complexities of dependency management, unveiling why the constant update treadmill might not be the most efficient approach. We'll delve into the challenges developers face and propose alternative strategies for a more balanced and secure open source ecosystem.

Hello World - Seal Security’s Journey to Revolutionizing Open Source Vulnerability Remediation

Itamar Sher
March 4, 2024
A couple of weeks ago, we announced our emergence from stealth, highlighting a significant milestone in the field of open source vulnerability and patch management.

NYDFS Finalizes Amendments to Cybersecurity Regulations: Adapting to New Requirements for Financial Services Companies

Itamar Sher
January 14, 2024
On November 1st, 2023, the DFS released the 2nd amendment to 23 NYCRR 500. Financial organizations operating in New York are required to update their vulnerability management programs in order to comply with the updated regulation.

The challenges of keeping open source up-to-date

Lev Pachmanov
December 12, 2023
Open source software has become an integral part of modern application development, enabling developers to accelerate their projects by leveraging pre-existing libraries and frameworks. Open source offers numerous benefits, yet it's not without its challenges.

The Impending EOL of CentOS 7: What You Need to Know and How to Prepare

Lev Pachmanov
August 10, 2023
As we approach the EOL, it's crucial to understand the current status of vulnerabilities in CentOS 7. The official Docker container of CentOS 7 has 1 critical-rated vulnerability, 13 high-rated vulnerabilities, and 36 medium- and low-rated vulnerabilities. Even after installing all the available updates, we are still left with 2 high-rated and 17 medium- and low-rated vulnerabilities.

Eliminating Protestware Risks with Seal Security: Ensuring Secure Library Usage

Lev Pachmanov
June 18, 2023
In today's interconnected world, software vulnerabilities pose a significant threat to organizations of all sizes. To address these risks, companies typically rely on timely updates and patches for third-party libraries. However, a new challenge has emerged in the form of protestware – software intentionally manipulated to convey messages, potentially causing unintended consequences or harm.