Tagged with: Supply-chain


Many npm and PyPI compromises never get a CVE — the package is yanked and an OSV advisory is shipped instead. Library Audit takes raw PURLs from any ecosystem to flag CVE-tracked vulnerabilities and registry-yanked compromises before `pip install`, not the morning after.

21 May 2026 12:00 AM


You have an SBOM. Now what? Vulners SBOM Analyzer turns a standard SPDX or CycloneDX file into a vulnerability report enriched with CVSS, EPSS, AI Score, exploit references, and fix versions — in the browser or via a single API call.

4 March 2026 12:00 AM


The last monthly digest this year turned out to be intense and interesting. There was a lo...

21 December 2020 12:00 AM