
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.

Dedicated to advancing the understanding and detection of software vulnerabilities—and explaining the latest vulnerability research from the GitHub Security Lab. Go behind the scenes with the GitHub Security Lab, a collaborative initiative that brings together security researchers, developers, and organizations to find and fix security vulnerabilities in open source software.
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers!
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user’s explicit consent. In this blog post, we’ll explain which VS Code features may reduce these risks.
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
In this post, I’ll look at CVE-2025-0072, a vulnerability in the Arm Mali GPU, and show how it can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.
Learn how to identify which CVE Numbering Authority is responsible for the record, how to contact them, and what to include with your suggestion.
A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start.
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we’ll shed light on how these vulnerabilities that rely on a parser differential were uncovered.
Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world.
Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…
In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.
Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.
Learn about browser extension security and secure your extensions with the help of CodeQL.
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@adrianoapj!
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad!