Enhance security by fostering global collaboration.
We do the hard work, you can use it.
Dive into security research on open-source projects to explore new and emerging threats, and learn how to mitigate them so that you can make your own software more secure.
Read the ResearchLatest vulnerabilities disclosed
-
Poisoned Pipeline Execution (PPE) in Microsoft FluentUI
-
Poisoned Pipeline Execution (PPE) in Amplification leading to potential acccount takeover
-
Code execution in trusted context via a GitHub Action of Tribler
-
Open redirect in Sickchill - CVE-2024-53995
-
Environment Variable injection in a Feign GitHub Actions workflow
Open doors, open solutions:
Embracing Enterprise & Open Source
Open Source Community
Learn about secure coding practices, get hands-on with AppSec training, and connect with experts during our office hours – free for open source developers, maintainers, and security researchers.
GitHub Security Lab for the Enterprise
At the GitHub Security Lab, our security experts, through community collaboration, strengthen open source security which is crucial for enterprises. We channel the community’s contributions into proven CodeQL queries and timely security advisories, and offer enterprises actionable insights that help secure your supply chain and accelerate the software development lifecycle.
About the GitHub Security Lab.
Learn more on GitHub Security Lab
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.
We’re active on social media!
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.