google335
microsoft277
facebook232
exploit222
malware170
rce167
apple159
bug-bounty147
cve147
xss104
browser85
phishing75
writeup69
supply-chain69
privilege-escalation63
dos59
account-takeover56
react53
aws50
reverse-engineering49
ctf47
docker46
node46
cloudflare45
cloud45
pentest43
open-source42
auth-bypass37
oauth36
info-disclosure35
ai-agents35
lfi35
buffer-overflow28
race-condition28
postmessage27
ssrf24
sqli23
kubernetes22
wordpress21
cache-poisoning19
machine-learning19
automation19
tool18
csrf18
websocket18
mobile17
llm17
code-generation16
osint15
access-control15
0
5/10
security-analysis
Daniel Stenberg documents persistent security failures in NuGet's package repository, where severely outdated curl versions (7.51.0 from 2016 with 64+ known vulnerabilities) continue to be hosted and downloaded thousands of times weekly. Microsoft MSRC refused responsibility, claiming package security is entirely the responsibility of individual package maintainers rather than the platform.
supply-chain-attack
outdated-dependencies
package-repository
nuget
curl
vulnerability-management
open-source-security
abandoned-packages
security-posture
NuGet
Microsoft
curl
rmt_curl
Daniel Stenberg
MSRC