Enhance security by fostering global collaboration.
We do the hard work, you can use it.
Dive into security research on open-source projects to explore new and emerging threats, and learn how to mitigate them so that you can make your own software more secure.
Read the ResearchLatest vulnerabilities disclosed
-
Poisoned Pipeline Execution (PPE) via code injection in Sympy
-
Poisoned Pipeline Execution (PPE) via code injection in Trino DB
-
Poisoned Pipeline Execution (PPE) via execution of untrusted checked-out code in Hibernate ORM
-
Poisoned Pipeline Execution (PPE) via environment variable injection in Zephyr
-
Remote Code Execution in Plenti via arbitrary file write and arbitrary file deletion - CVE-2024-49380, CVE-2024-49381
Open doors, open solutions:
Embracing Enterprise & Open Source
Open Source Community
Learn about secure coding practices, get hands-on with AppSec training, and connect with experts during our office hours – free for open source developers, maintainers, and security researchers.
GitHub Security Lab for the Enterprise
At the GitHub Security Lab, our security experts, through community collaboration, strengthen open source security which is crucial for enterprises. We channel the community’s contributions into proven CodeQL queries and timely security advisories, and offer enterprises actionable insights that help secure your supply chain and accelerate the software development lifecycle.
About the GitHub Security Lab.
Learn more on GitHub Security Lab
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.
We’re active on social media!
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.