Security news aggregator

Latest coverage for Library

Library security covers flaws in shared code components, dependency risks, and patching practices that can expose applications and their users.

32 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A library is a packaged collection of reusable code that an application incorporates rather than implementing itself. Libraries may be maintained internally, obtained from public repositories, or included indirectly through other dependencies. Their security properties therefore become part of the application’s attack surface, often without developers reviewing every function.

Security concerns include vulnerabilities in library code, unsafe defaults, malicious or tampered packages, and abandoned versions that no longer receive fixes. A vulnerable dependency may be exploitable only under specific conditions, so risk assessment should consider the affected code path and exposure rather than version numbers alone. Useful controls include pinning and reviewing dependency versions, verifying package provenance and integrity, tracking direct and transitive dependencies in an inventory such as an SBOM, scanning for known vulnerabilities, and testing updates before deployment. When a flaw is disclosed, maintainers need a process to identify affected applications, apply a compatible update or mitigation, and remove unsupported libraries.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 32 Filtered view

Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare's technology chief said his company took down its own network, forcing a widespread outage early Friday, to patch React2Shell.…

Finish reading this, then patch A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerable instances. The flaw is easy to abuse, and mass exploitation is "imminent," according to security researchers.…

PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more Infosec In Brief Researchers have urged users of the glob file pattern matching library to update their installations, after discovery of a years-old remote code execution flaw in the tool's CLI.…

OSS-Fuzz is making a strong argument for LLMs in security research Google's OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities, including a critical flaw in the widely used OpenSSL library.…

Follow us down this deep rabbit hole of privacy policy after privacy policy Feature In April, attorney Christine Dudley was listening to a book on her iPhone while playing a game on her Android tablet when she started to see in-game ads that reflected the audiobooks she recently checked out of the San Francisco Public Library.…

This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy Analysis The discovery last week of a backdoor in a widely used open source compression library called xz could have been a security disaster had it not been caught by luck and atypical curiosity about latency from a Microsoft engineer.…

Loading more headlines...