GitHub Security Lab
Latest

1. Cybersecurity researchers: Digital detectives in a connected world Security ‧ Nancy Gariché
2. Attacks on Maven proxy repositories Security ‧ Michael Stepankin
3. How to secure your GitHub Actions workflows with CodeQL Application security ‧ Alvaro Munoz
4. Announcing CodeQL Community Packs Security ‧ Alvaro Munoz
5. Uncovering GStreamer secrets Security ‧ Antonio Morales
6. CodeQL zero to hero part 4: Gradio framework case study Security ‧ Sylwia Budzynska
7. Attacking browser extensions Security ‧ Kevin Stubbings
8. Securing the open source supply chain: The essential role of CVEs Security ‧ Madison Oliver
9. From object transition to RCE in the Chrome renderer Security ‧ Man Yue Mo
10. 3 ways to get Remote Code Execution in Kafka UI Security ‧ Michael Stepankin
Updated 38 minutes ago

Recent history (latest 100 records)

2024-12-27 Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties Security ‧ Man Yue Mo
2024-12-27 CodeQL zero to hero part 3: Security research with CodeQL Security ‧ Sylwia Budzynska
2024-12-27 Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects Security ‧ Peter Stöckli
2022-10-14 Data flow analysis and path exploration in LGTM Announcement ‧ s0
2022-10-14 Bridging the Gap Between Developers and Security Teams Insights ‧ xcorail
2022-10-14 Introduction to variant analysis with CodeQL and LGTM (Part 1) CodeQL ‧ imsolost
2022-10-14 Introduction to variant analysis with CodeQL and LGTM (part 2) Variant Analysis ‧ imsolost
2022-10-14 Python Security: How to find and fix issues with CodeQL CodeQL ‧ alextereshenkov
2021-12-22 Fuzzing Apache 3 Fuzzing ‧ antonio-morales
2021-12-16 Updates to the Bug Slayer bug bounty program Bounties ‧ team
2021-12-13 Ubuntu Accountsservice Cve 2021 3939 CVE ‧ kevinbackhouse
2021-11-19 Qualcomm_npu Android ‧ m-y-mo
2021-10-20 In_the_wild_chrome_cve_2021_37975 Chrome ‧ m-y-mo
2021-09-30 Chrome_sbx_java Chrome ‧ m-y-mo
2021-09-28 In_the_wild_chrome_cve_2021_30632 Chrome ‧ m-y-mo
2021-09-21 Apache Dubbo CodeQL ‧ pwntester
2021-08-10 Nsa Emissary CodeQL ‧ pwntester
2021-08-06 Github Actions Building Blocks Actions ‧ jarlob
2021-07-14 Our shared common weaknesses Education ‧ darakian
2021-07-01 Fail2exploit: a security audit of Fail2ban Security ‧ kevinbackhouse
2021-04-20 LiveQL Episode II: The Rhino in the room LiveQL ‧ pwntester
2021-04-01 One day short of a full chain: Part 3 - Chrome renderer RCE Chrome ‧ m-y-mo
2021-04-01 One day short of a full chain: Part 2 - Chrome sandbox escape Chrome ‧ m-y-mo
2021-04-01 One day short of a full chain: Part 1 - Android Kernel arbitrary code execution Android ‧ m-y-mo
2021-04-01 Fuzzing sockets: Apache HTTP, Part 1: Mutations Fuzzing ‧ antonio-morales
2021-04-01 Keeping your GitHub Actions and workflows secure Part 2: Untrusted input Actions ‧ jarlob
2021-04-01 Increased bounty rewards for the GitHub Security Lab community! Bounties ‧ team
2021-04-01 Security Lab research: a year in review securitylab ‧ team
2021-04-01 Keeping your GitHub Actions and workflows secure spyc
2021-04-01 Now you C me, now you don’t, part two: exploiting the in-between C ‧ anticomputer
2021-04-01 Fuzzing sockets: Apache HTTP, Part 2: Custom Interceptors Fuzzing ‧ antonio-morales
2021-03-17 One day short of a full chain: Part 2 - Chrome sandbox escape
2021-03-11 GHSL-2020-277: Unauthorized repository modification or secrets exfiltration in GitHub workflows of w3c/aria-practices
2021-03-11 GHSL-2020-324: Template injection in a GitHub workflow of koriwi/freedeck-configurator
2021-03-10 One day short of a full chain: Part 1 - Android Kernel arbitrary code execution
2021-03-08 GHSL-2020-166: Use-after-free (UaF) in Chrome PaymentCredential - CVE-2020-16018
2021-03-08 GHSL-2020-165: Use-after-free (UaF) in Chrome PaymentAppServiceBridge - CVE-2020-16045
2021-03-08 GHSL-2020-167: Use-after-free (UaF) in Chrome AudioHandler - CVE-2020-15972, CVE-2021-21114
2021-03-08 GHSL-2020-273: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of numworks/epsilon
2021-03-08 GHSL-2020-375: Use-after-free (UaF) in Qualcomm kgsl driver - CVE-2020-11239
2021-03-03 GHSL-2020-246: Unauthorized repository modification or secrets exfiltration in GitHub workflows of ant-design
2021-03-03 GHSL-2021-008: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of actions-cool/issue-helper
2021-03-03 GHSL-2020-264: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of youan/vant
2021-03-03 GHSL-2020-267: Unauthorized repository modification or secrets exfiltration in GitHub workflows of Antvis repositories
2021-03-03 GHSL-2020-266: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of afc163/surge-preview
2021-03-03 GHSL-2020-269: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of alibaba/hooks
2021-03-03 GHSL-2020-268: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of umijs/dumi
2021-03-03 GHSL-2020-287: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of jdf2e/nutui
2021-03-03 GHSL-2020-270: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of ant-design-colorful
2021-03-03 GHSL-2020-314: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of s4u/pgpverify-maven-plugin
2021-03-03 GHSL-2020-343: ReDoS (Regular Expression Denial of Service) in Vant
2021-03-03 GHSL-2020-349: ReDoS (Regular Expression Denial of Service) in date-and-time - CVE-2020-26289
2021-03-03 GHSL-2020-048: Remote Code Execution in Apache Velocity - CVE-2020-13936
2021-03-03 GHSL-2020-265: Unauthorized repository modification or secrets exfiltration in GitHub workflows of didi/cube-ui and didi/mand-mobile
2021-03-03 GHSL-2021-009: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of lijinke666/react-music-player
2021-03-03 Fuzzing sockets: Apache HTTP, Part 1: Mutations
2021-02-26 GHSL-2020-335: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of libpasta
2021-02-26 GHSL-2020-359: ReDoS (Regular Expression Denial of Service) in etherpad-lite
2021-02-25 GHSL-2020-228: Weak JSON Web Token (JWT) signing secret in YApi
2021-02-25 GHSL-2020-329: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Automattic/jetpack
2021-02-25 GHSL-2021-016: Unauthorized repository modification or secrets exfiltration in a GitHub workflow of Tautulli
2021-02-25 GHSL-2021-048: Unauthorized repository modification or secrets exfiltration in several GitHub workflows of linebender
2021-02-13 GHSL-2020-197: Open redirect vulnerability in Ghost
2021-02-13 GHSL-2020-199: Open redirect vulnerability in Slashify - CVE-2021-3189
2021-02-03 GHSL-2020-244: Arbitrary code execution and shell command injection in nonebot/nonebot2 workflow
2021-02-03 GHSL-2020-242: Command injection in telegramdesktop/tdesktop workflow
2021-02-03 GHSL-2020-275: Arbitrary code execution in LedgerHQ/ledger-live-desktop workflow
2021-02-03 GHSL-2020-257: The unsafe handling of symbolic links in an unpacking routine in oras - CVE-2021-21272
2021-02-03 GHSL-2020-327: Arbitrary code execution in dmlc/gluon-cv workflow
2021-02-03 GHSL-2020-316: Arbitrary code execution in indico/newdle workflow
2021-02-03 GHSL-2021-010: Command injection in getsentry/onpremise workflow
2021-02-03 GHSL-2020-232: Command injection in wireapp/wire-webapp workflow
2021-02-03 GHSL-2021-012: Command injection in alan-turing-institute/binderhub-deploy workflow
2021-02-03 GHSL-2021-011: Command injection in itpp-labs workflows
2021-02-03 GHSL-2021-013: Command injection in pythonpune/meetup-talks workflow
2021-02-03 GHSL-2021-014: Command injection in benjamin-maynard/kubernetes-cloud-mysql-backup workflow
2021-02-03 GHSL-2021-015: Command injection in a2o/snoopy workflow
2021-02-03 GHSL-2020-240: Command injection in scikit-learn/scikit-learn workflow
2021-02-03 GHSL-2021-007: Arbitrary code execution and shell command injection in dmlc/gluon-nlp workflows
2021-02-03 GHSL-2020-234: Command injection in DataBiosphere/terra-workspace-manager workflow
2021-02-03 GHSL-2021-006: Arbitrary code execution in Decathlon/vitamin-web workflow
2021-02-03 GHSL-2020-230: Command injection in aws/aws-sam-cli workflow
2021-02-03 GHSL-2021-004: Arbitrary code execution in aeraki workflows
2021-02-03 GHSL-2020-319: Arbitrary code execution in pangeo-data/climpred workflows
2021-02-03 GHSL-2020-371: Arbitrary code execution in tophat workflows
2021-02-03 GHSL-2020-280: Arbitrary code execution in deislabs/akri workflows
2021-02-03 GHSL-2020-370: Arbitrary code execution and shell command injection in rhinstaller/anaconda workflows
2021-02-03 GHSL-2020-274: Arbitrary code execution in v8/v8.dev workflow
2021-02-03 GHSL-2020-369: Arbitrary code execution in nrfconnect/sdk-nrf workflow
2021-02-03 GHSL-2020-245: Arbitrary code execution in strimzi/strimzi-ui workflow
