The Lab · 2026-03-26 01:27:31 · GitHub Issues
A critical security vulnerability has been flagged within the widely used `flatted` npm package, necessitating an immediate upgrade to version 3.4.2. The issue centers on a potential prototype pollution flaw in older versions, a class of vulnerability that can allow attackers to modify an application's object prototype...
The Lab · 2026-03-27 15:27:25 · GitHub Issues
A critical security vulnerability has been identified in the widely used Model Context Protocol (MCP) TypeScript SDK, tracked as CVE-2025-66414. The flaw stems from the SDK's default configuration, which fails to enable DNS rebinding protection, leaving any application built upon it potentially exposed to a classic net...
The Lab · 2026-03-31 14:27:25 · GitHub Issues
A critical vulnerability in a core cryptographic library has been patched, exposing a subtle but significant flaw in a widely used elliptic curve. Cloudflare's CIRCL library, version 1.6.3, fixes a bug in its P-384 (secp384r1) curve implementation where the `CombinedMult` function could produce mathematically incorrect...
The Lab · 2026-04-08 00:27:09 · GitHub Issues
A critical security vulnerability in the Angular development platform exposes applications to cross-site scripting (XSS) attacks. The flaw, tracked as CVE-2026-32635, resides in the Angular runtime and compiler. It allows attackers to bypass the framework's built-in sanitization mechanism when an application uses a sec...
The Lab · 2026-04-11 10:22:33 · GitHub Issues
A critical security alert has been issued for the widely used Axios HTTP client library, mandating an immediate update to version 1.x. The alert, triggered by automated dependency management, flags two significant vulnerabilities (CVE-2021-3749 and CVE-2023-45857) present in older versions. This is not a routine patch;...
The Lab · 2026-04-19 11:22:33 · GitHub Issues
A critical security vulnerability in the PHPUnit testing framework has triggered an urgent dependency update across countless PHP projects. The flaw, tracked as GHSA-qrr6-mg7r-m243, necessitates an immediate upgrade from PHPUnit versions prior to 13.1.6. This is not a routine patch; the explicit [SECURITY] tag on the p...