Securing the world's software, together
Securing the world's software, together
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
What we do
Our researchers find and report new vulnerabilities in the open source projects everyone relies on.
We build tools like CodeQL to make security easy for anyone working to secure open source.
We're building a community of security researchers and an open coalition of the world's security teams.
Vulnerabilities we've disclosed
- XSS vulnerability in hotspot link
- Integer overflow in amqp_handle_input
- Remote denial of service or possible information disclosure when connecting to a malicious SSH server
- Heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
- Out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c
Meet the team
Coalition
We’re building a coalition of companies who share our belief that the security of open source is important for everyone. Our initial partners have all committed to contribute in different forms to achieving this goal. We invite others to join the effort.
Our tools
Our industry-leading code analysis engine, CodeQL, is now free for use on open source. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
Download CodeQL
Join the effort
As a security researcher, your expertise is instrumental in securing the world’s software. Codify that knowledge as an expressive, executable, and repeatable CodeQL query that can be run on many codebases. Get rewarded for queries that have a positive impact on open source projects through our bounty program.
See our bounties