google338
microsoft279
facebook234
exploit230
malware170
rce169
bug-bounty163
apple160
cve147
xss106
browser86
phishing75
writeup73
supply-chain69
privilege-escalation63
account-takeover61
dos60
react53
aws50
ctf49
reverse-engineering49
docker46
cloud46
node46
cloudflare45
pentest43
open-source42
auth-bypass39
info-disclosure36
oauth36
ai-agents35
lfi35
sqli34
race-condition29
buffer-overflow29
postmessage27
ssrf24
cache-poisoning24
web323
kubernetes22
wordpress21
idor20
websocket19
automation19
csrf19
machine-learning19
tool18
mobile17
llm17
cors16
0
5/10
security-analysis
Daniel Stenberg documents persistent security failures in NuGet's package repository, where severely outdated curl versions (7.51.0 from 2016 with 64+ known vulnerabilities) continue to be hosted and downloaded thousands of times weekly. Microsoft MSRC refused responsibility, claiming package security is entirely the responsibility of individual package maintainers rather than the platform.
supply-chain-attack
outdated-dependencies
package-repository
nuget
curl
vulnerability-management
open-source-security
abandoned-packages
security-posture
NuGet
Microsoft
curl
rmt_curl
Daniel Stenberg
MSRC