Code vulnerabilities
This page indexes my notes and runbooks on code vulnerabilities. It exists to help you quickly answer three practical questions:
- What is the issue?
- Does it affect anything I run?
- What exact steps should I take to verify and remediate?
info
This is not a news feed. It is a curated set of write-ups and repeatable checks that I can re-run later.
What you will find here
- CVE impact assessments: what I checked in real environments, what I changed, and how I verified the outcome.
- Supply-chain hygiene: dependency pinning, lockfile discipline, and audit interpretation.
- Runtime hardening: reducing attack surface (for example, keeping devDependencies out of production images).
- Verification playbooks: copy-paste commands for Kubernetes and CI so you can confirm reality, not assumptions.
Current advisories and write-ups
- CVE-2025-55182 (React Server Components RCE): Blaster impact assessment and remediation runbook
tip
If you only read one thing per advisory, read the verification section and run the commands in your own environment.
How to use these pages
- Start with the advisory page.
- Run the “facts on the ground” checks against your actual runtime (pods, containers, live services).
- Only change what is required, and record what you intentionally did not change.
- Re-run verification after rollout, in both dev and prod.
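One way to script the "facts on the ground" checks above for a Node.js service, as an added example that is not the page's own runbook and not taken from any advisory: instead of trusting package.json or the lockfile in the repo, it reads node_modules/<pkg>/package.json from the running container (the version that actually executes) and lists what is installed to catch devDependencies that shipped to prod. Assumptions, all mine: the app lives under /app, the pod is reachable with kubectl exec, and the minimum fixed version is supplied by the caller (the "19.0.1" in the sample run is a placeholder threshold, not a fixed version for any CVE). The sample package.json and find output are constructed.

```python
"""Facts-on-the-ground check for a Node.js service (added example, not the page's own runbook).

Only read_from_pod() touches a cluster; everything else works on strings so the
logic can be exercised offline. Paths, the package name and the minimum fixed
version are assumptions passed in by the caller, not values from any advisory.
"""
import json
import re
import subprocess
from typing import Dict, Iterable, List, Optional, Tuple

SEMVER = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_semver(version: str) -> Tuple[Tuple[int, int, int], str]:
    """Split '19.0.1-canary.3' into ((19, 0, 1), 'canary.3'); a release has prerelease ''."""
    m = SEMVER.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch)), pre or ""


def _pre_key(pre: str) -> list:
    # semver: numeric identifiers compare numerically and rank below alphanumeric ones
    return [(0, int(s)) if s.isdigit() else (1, s) for s in pre.split(".")]


def is_at_least(installed: str, fixed: str) -> bool:
    """True when installed >= fixed. A prerelease of X.Y.Z is older than release X.Y.Z."""
    (a_num, a_pre), (b_num, b_pre) = parse_semver(installed), parse_semver(fixed)
    if a_num != b_num:
        return a_num > b_num
    if a_pre == "":
        return True   # release satisfies the release or any prerelease of the same triple
    if b_pre == "":
        return False  # a prerelease never satisfies the release
    return _pre_key(a_pre) >= _pre_key(b_pre)


def package_names(find_output: str, root: str) -> List[str]:
    """Turn `find <root> -mindepth 2 -maxdepth 3 -name package.json` output into package names.
    Keeps 'foo' and '@scope/foo'; drops nested files such as foo/cjs/package.json."""
    names = set()
    for line in find_output.splitlines():
        line = line.strip()
        if not line.startswith(root):
            continue
        parts = line[len(root):].strip("/").split("/")[:-1]
        if len(parts) == 1 or (len(parts) == 2 and parts[0].startswith("@")):
            names.add("/".join(parts))
    return sorted(names)


def dev_deps_present(package_json: str, installed: Iterable[str]) -> List[str]:
    """devDependencies from package.json that exist in node_modules of the image under test."""
    dev = json.loads(package_json).get("devDependencies", {})
    present = set(installed)
    return sorted(n for n in dev if n in present)


def assess(package_json: str, find_output: str, installed_pkg_json: str,
           fixed: str, root: str = "/app/node_modules") -> Dict[str, object]:
    """Combine the three reads into one verdict for a single container."""
    installed = json.loads(installed_pkg_json)["version"]
    return {
        "installed": installed,
        "meets_fix": is_at_least(installed, fixed),
        "dev_deps_present": dev_deps_present(package_json, package_names(find_output, root)),
    }


def read_from_pod(pod: str, argv: List[str], namespace: str = "default",
                  container: Optional[str] = None) -> str:
    """Run a read-only command inside a pod via kubectl exec and return its stdout."""
    cmd = ["kubectl", "exec", "-n", namespace, pod]
    if container:
        cmd += ["-c", container]
    return subprocess.run(cmd + ["--"] + argv, check=True, capture_output=True, text=True).stdout


def assess_pod(pod: str, package: str, fixed: str, app: str = "/app", **kw) -> Dict[str, object]:
    """Live version of assess(): app path is an assumption, adjust to your image layout."""
    root = f"{app}/node_modules"
    return assess(
        read_from_pod(pod, ["cat", f"{app}/package.json"], **kw),
        read_from_pod(pod, ["find", root, "-mindepth", "2", "-maxdepth", "3",
                            "-name", "package.json"], **kw),
        read_from_pod(pod, ["cat", f"{root}/{package}/package.json"], **kw),
        fixed, root,
    )


# Constructed sample input standing in for the three reads from a pod.
SAMPLE_PACKAGE_JSON = json.dumps({
    "dependencies": {"react": "^19.0.0", "react-dom": "^19.0.0"},
    "devDependencies": {"jest": "^29.0.0", "typescript": "^5.0.0"},
})
SAMPLE_FIND = "\n".join([
    "/app/node_modules/react/package.json",
    "/app/node_modules/react/cjs/package.json",
    "/app/node_modules/react-dom/package.json",
    "/app/node_modules/jest/package.json",
    "/app/node_modules/@types/node/package.json",
])
SAMPLE_REACT_PKG = json.dumps({"name": "react", "version": "19.0.0"})

if __name__ == "__main__":
    # "19.0.1" is a placeholder threshold, not a fixed version taken from any advisory.
    print(json.dumps(assess(SAMPLE_PACKAGE_JSON, SAMPLE_FIND, SAMPLE_REACT_PKG, "19.0.1"), indent=2))
```

Run it once per pod in dev and again in prod after rollout; a `meets_fix` of false on a pod whose lockfile already pins the fixed version is exactly the lockfile-versus-image gap the verification step is meant to catch, and a non-empty `dev_deps_present` is a build-stage problem, not something to fix by hand inside the container.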
Scope and boundaries
warning
Nothing here is legal advice, and nothing here replaces vendor guidance. This is operational documentation for repeatable technical checks and safe change management.