Prisma Raw Query Leads to SQL Injection? Yes and No
Prisma is a popular type-safe ORM for Node.js but just like all abstractions, it comes at a cost and Prisma Raw Query function may lead to SQL injection if not handled correctly.
Articles tagged for: nodejs
Flawed Git Promises Library on npm Leads to Command Injection Vulnerability
A promising Git library turns into a security nightmare when it harbors command injection vulnerabilities. Learn how to avoid these risks in your Node.js applications.
Holes in the Safety Net: Bypassing SSRF Protection in safe-axios
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
How to Parse URLs from Markdown to HTML Securely?
What if I told you that parsing URLs from user input, especially from Markdown content, can be a security risk? Here is how URL parsing logic an be bypassed and what you need to know to handle it in a secure way.
Where to find npm vulnerabilities?
If you are doing security research or just curious about finding npm vulnerabilities, let me share some resources to help you stay up-to-date with the latest security CVEs in the JavaScript ecosystem.
How to Avoid JWT Security Mistakes in Node.js
Learn how to use JSON Web Tokens (JWT) securely in your Node.js applications. I'll cover the basics of JWT and share best practices to avoid common security mistakes.