Supply Chain Failures
Your application inherits vulnerabilities from third-party dependencies — outdated packages with known CVEs that attackers actively exploit.
How It Works
Modern apps depend on hundreds of npm/pip/Maven packages. When a dependency has a known vulnerability (CVE), your app inherits that risk. Attackers scan for apps using vulnerable versions and exploit them at scale. Tools like npm audit detect these, but many developers ignore the warnings. A single vulnerable transitive dependency deep in your dependency tree can compromise your entire application.
// package.json
{
  "dependencies": {
    "lodash": "4.17.15",
    "express": "4.16.0",
    "minimist": "0.0.8"
  }
}

// package.json — run: npm audit fix
{
  "dependencies": {
    "lodash": "4.17.21",
    "express": "4.21.0",
    "minimist": "1.2.8"
  }
}

Real-World Example
The event-stream incident (2018) affected millions of downloads. An attacker took over a popular npm package and injected code that stole cryptocurrency wallet credentials from a specific app (Copay).
How to Prevent It
- Run npm audit or snyk test regularly
- Pin dependency versions with a lockfile
- Use automated dependency update tools like Dependabot
- Review changelogs before major updates
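To show what an audit of the two manifests above actually checks, here is an added example (not code from this page or from Data Hogo): a small offline audit that compares each declared version against a constructed advisory list, the way npm audit does against the npm advisory database. The advisory ids are placeholders; the "fixedIn" versions are simply the ones the corrected manifest moves to.

```javascript
// Constructed advisory list: package -> advisories, each with the first fixed
// version. Ids are placeholders, not real advisory or CVE identifiers.
const ADVISORIES = {
  lodash: [{ id: 'ADV-PLACEHOLDER-1', fixedIn: '4.17.21' }],
  express: [{ id: 'ADV-PLACEHOLDER-2', fixedIn: '4.21.0' }],
  minimist: [{ id: 'ADV-PLACEHOLDER-3', fixedIn: '1.2.8' }],
};

// Parse "1.2.3" into [1, 2, 3]. A leading ^ or ~ is stripped: we check the
// floor of the range (the oldest version the spec still accepts); only a
// lockfile tells you which version was actually installed.
function parseVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)/.exec(spec.trim());
  if (!m) throw new Error(`unsupported version spec: ${spec}`);
  return m.slice(1, 4).map(Number);
}

// Numeric major.minor.patch comparison: returns -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One finding per dependency whose declared floor is below an advisory fix.
function audit(manifest) {
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    for (const adv of ADVISORIES[name] || []) {
      if (compareVersions(spec, adv.fixedIn) < 0) {
        findings.push({ name, declared: spec, fixedIn: adv.fixedIn, id: adv.id });
      }
    }
  }
  return findings;
}

// Human-readable report lines, one per finding.
function formatReport(manifest) {
  return audit(manifest).map(
    (f) => `${f.name}@${f.declared} is below fixed version ${f.fixedIn} (${f.id})`);
}

// The page's two manifests, embedded here as constructed input.
const VULNERABLE_MANIFEST = JSON.parse(
  '{"dependencies":{"lodash":"4.17.15","express":"4.16.0","minimist":"0.0.8"}}');
const FIXED_MANIFEST = JSON.parse(
  '{"dependencies":{"lodash":"4.17.21","express":"4.21.0","minimist":"1.2.8"}}');

console.log(formatReport(VULNERABLE_MANIFEST).join('\n'));
console.log(`after upgrade: ${audit(FIXED_MANIFEST).length} findings`);
```

The vulnerable manifest yields three findings and the corrected one yields none; a real audit also walks transitive dependencies from the lockfile, which is why pinning with a lockfile matters.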
Data Hogo detects this vulnerability automatically.
Related Vulnerabilities
Broken Access Control (severity: high)
Users can act outside their intended permissions, accessing other users' data or admin functionality without proper authorization checks.

Cryptographic Failures (severity: high)
Sensitive data is exposed due to weak or missing encryption — using outdated algorithms like MD5/SHA1, storing passwords in plaintext, or transmitting data without TLS.

Security Misconfiguration (severity: medium)
Default configurations, open CORS policies, debug mode in production, or verbose error messages expose your application to attackers.

Injection (SQL, NoSQL, Command) (severity: critical)
Attacker inserts malicious code into queries or commands by exploiting unsanitized user input — SQL injection, NoSQL injection, and OS command injection.