The Bun Security Blog
Explore the latest news, tips, and insights about the Bun server-side JavaScript runtime to enhance your frontend and backend applications. From Bun security insights to JavaScript secure coding techniques to supply chain security and how open-source security impacts Bun, this blog is your go-to resource for all things Bun security.


Liran Tal
Jun 22, 2025
A Command Injection Vulnerability Class Discovered in Bun JavaScript Runtime
A command injection vulnerability class was discovered in the Bun JavaScript runtime, which could lead to unintended command execution based on user input.


Liran Tal
Jun 21, 2025
Disclosing an Insecure Practice in Bun Package Manager
Bun package manager prioritizes its own internal package allow-list over the `ignore-scripts` configuration directive in `.npmrc` files, which could lead to security risks.


Liran Tal
Dec 9, 2024
Bun Sparks Interest in Security Research Community? Meet BunBuster
BunBuster, a new security research tool built with Bun, is paving the path for more security research projects with Bun.


Liran Tal
Dec 2, 2024
Bun JavaScript Runtime Found Vulnerable to Prototype Pollution
Bun puts the speed in your JavaScript runtime but also suffered from a prototype pollution vulnerability.


Liran Tal
Oct 14, 2024
Bun Security course launches for JavaScript developers
Launching the Bun Security course, a unique, one-of-a-kind educational resource for JavaScript developers to learn about application security when building Bun applications.