Enhance security by fostering global collaboration.
We do the hard work, you can use it.
Dive into security research on open-source projects to explore new and emerging threats, and learn how to mitigate them so that you can make your own software more secure.
Read the ResearchLatest vulnerabilities disclosed
-
Code Injection in Angular JA’s Actions workflow
-
Cross Site Scripting (XSS) in palindrome checker from freeCodeCamp/demo-projects
-
Poisoned Pipeline Execution (PPE) in AWS Karpenter Provider
-
Poisoned Pipeline Execution (PPE) in Marimo
-
Information disclosure via PlexRipper’s open CORS policy - CVE-2024-49763
Open doors, open solutions:
Embracing Enterprise & Open Source
Open Source Community
Learn about secure coding practices, get hands-on with AppSec training, and connect with experts during our office hours – free for open source developers, maintainers, and security researchers.
GitHub Security Lab for the Enterprise
At the GitHub Security Lab, our security experts, through community collaboration, strengthen open source security which is crucial for enterprises. We channel the community’s contributions into proven CodeQL queries and timely security advisories, and offer enterprises actionable insights that help secure your supply chain and accelerate the software development lifecycle.
About the GitHub Security Lab.
Learn more on GitHub Security Lab
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.
We’re active on social media!
Through research, education, and maintenance of the GitHub Advisory Database, we empower the community.