Enhance security by fostering global collaboration.
We do the hard work, you can use it.
Dive into security research on open-source projects to explore new and emerging threats, and learn how to mitigate them so that you can make your own software more secure.
Read the ResearchLatest vulnerabilities disclosed
-
Poisoned Pipeline Execution (PPE) via Code Injection in multiple Eclipse repositories
-
Possible secret exfiltration and repository manipulation via environment variable injection in docker-mailserver
-
Code Injection in dream-num/univer’s Action’s workflows
-
Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel - CVE-2024-49379
-
Poisoned Pipeline Execution (PPE) via code injection in Sympy
Open doors, open solutions:
Embracing Enterprise & Open Source
Open Source Community
Learn about secure coding practices, get hands-on with AppSec training, and connect with experts during our office hours – free for open source developers, maintainers, and security researchers.
GitHub Security Lab for the Enterprise
At the GitHub Security Lab, our security experts, through community collaboration, strengthen open source security which is crucial for enterprises. We channel the community’s contributions into proven CodeQL queries and timely security advisories, and offer enterprises actionable insights that help secure your supply chain and accelerate the software development lifecycle.
About the GitHub Security Lab.
Learn more on GitHub Security Lab
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.
We’re active on social media!
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.