Securing the world's software, together
Securing the world's software, together
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
What we do
Our researchers find and report new vulnerabilities in the open source projects everyone relies on.
We build tools like CodeQL to make security easy for anyone working to secure open source.
We're building a community of security researchers and an open coalition of the world's security teams.
Vulnerabilities we've disclosed
- Incorrect use of X509_check_ip_asc
- Incorrect use of X509_check_host
- Incorrect use of X509_check_email
- Use of uninitialized memory in X509_check_host
- Incorrect use of X509_check_host (regarding return value)
Meet the team
Coalition
We’re building a coalition of companies who share our belief that the security of open source is important for everyone. Our initial partners have all committed to contribute in different forms to achieving this goal. We invite others to join the effort.
Our tools
Our industry-leading code analysis engine, CodeQL, is now free for use on open source. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
Download CodeQL
Join the effort
As a security researcher, your expertise is instrumental in securing the world’s software. Codify that knowledge as an expressive, executable, and repeatable CodeQL query that can be run on many codebases. Get rewarded for queries that have a positive impact on open source projects through our bounty program.
See our bounties