Vulnerabilities we've disclosed (before March 2020)
GitHub Security Lab researchers find vulnerabilities in key, widely-used open source projects. We then coordinate the disclosure of those vulnerabilities to security teams at those projects. We only publish vulnerabilities here after they’ve been announced by the affected projects' development teams and patches are available. See our disclosure policy for more information.
This page lists disclosures prior to March 2020. For recent disclosures, please visit the advisories page.
123 CVEs discovered by GitHub Security Lab (prior to March 2020)
- Use-after-free in memory pools during data transfer
- OOB read in getstateflags function
- Multiple int-to-bool casting vulnerabilities, leading to heap overflow
- OOB read in bftpd due to uninitialized value in hidegroups_init() function
- Potential buffer overflow in ModPlug_SampleName and ModPlug_InstrumentName
- Stack overflow (stack exhaustion) in listdir (remote DoS)
- Integer overflow in amqp_handle_input
- Heap-based overflow in contrib/pmcisconames/pmcisconames.c
- Heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c
- Out-of-bounds read in contrib/pmdb2diag/pmdb2diag.c
- XSS vulnerability in hotspot link
- Multiple NULL dereferences on alloc_workqueue
- Use after free in media session
- File permission problems on NPS
- Heap overflow parsing Amiga Oktalyzer files
- Heap overflow parsing MTM
- Stack-based out-of-bounds memory read
- 12 memory corruption vulnerabilities including heap overflows
- 13 remote code execution vulnerabilities in U-Boot including stack overflows
- Command injection vulnerability in kill-port package
- Code injection vulnerability in morgan package
- Prototype pollution in merge package
- Prototype pollution in extend package
- Prototype pollution in just-extend package
- Prototype pollution in node.extend package
- Prototype pollution in defaults-deep package
- Prototype pollution in lodash package
- Information disclosure vulnerability due to unsafe XML External Entity processing
- Prototype pollution in mpath package
- Command injection in ps package
- Command injection in libnmap package
- Prototype pollution in cached-path-relative package
- Type confusion vulnerability in Ghostscript when opening or processing PS and PDF files
- RCE vulnerability in Ghostscript when opening or processing PS and PDF files
- RCE vulnerability in Ghostscript when opening or processing PS and PDF files
- RCE vulnerability in Icecast Server
- Kernel RCE caused by buffer overflows in macOS NFS client
- RCE vulnerability in Apache Struts
- Chakra Scripting Engine memory corruption vulnerability
- SPARQL injection in VIVO
- Stack buffer overflow in libav (snprintf overflow)
- Denial of service due to quadratic call to strstr in srtdec.c (close tag scanning)
- Denial of service due to quadratic call to sscanf in srtdec.c (close brace scanning)
- Denial of service due to use of sscanf in inner loop in htmlsubtitles.c (close tag scanning)
- FFmpeg denial of service due to use of sscanf in inner loop in htmlsubtitles.c (close brace scanning)
- RCE in Apache Ignite via GridClientJdkMarshaller
- Possible RCE in Apache Ignite deserialization endpoints
- Denial of service due to symlink traversal
- PID race enables an unprivileged process to read the ASLR offsets of a privileged process
- Code execution due to integer overflow when handling large crash dumps
- Denial of service (crash due to heap buffer overflow) when handling large crash dumps
- Local privilege escalation due to TOCTOU in crash reporter
- Remote denial of service or possible information disclosure when connecting to a malicious SSH server
- Remote information disclosure when connecting to a malicious SSH server
- Remote denial of service (null pointer dereference) when connecting to a malicious HTTP server
- Denial of service (assertion failure) when reading a crafted CRW image file
- Denial of service (uncaught std::bad_alloc exception) when reading a crafted PNG image file
- Denial of service (integer overflow leading to a very large allocation) when reading a crafted WEBP image file
- Denial of service (integer overflow leading to an out-of-bounds read) when reading a crafted CRW image file
- Denial of service (integer overflow leading to a very large allocation) when reading a crafted PNG image file
- Denial of service (SIGSEGV) when reading a crafted PNG image file
- Denial of service due to heap corruption in PHP function scrypt_enc
- Denial of service vulnerability in Facebook Fizz
- Ansible: path traversal in the fetch module
- Unsafe deserialization in Infinispan
- Apache Batik information disclosure vulnerability
- Stack buffer overflow in rsyslog librelp
- RCE in Apache Geode due to unsafe deserialization of application objects
- RCE in Apache Geode due to unsafe deserialization in TcpServer
- XXE vulnerability in Apache Hadoop
- RCE in Apple's packet-mangler
- RCE in Apple's packet-mangler
- Denial of service (infinite loop) in Apple's packet-mangler
- Parameter entity XXE vulnerability in Restlet
- RCE in PATCH requests in Spring Data REST
- RCE vulnerability in Spring AMQP
- XML External Entity expansion vulnerability in Restlet
- Arbitrary code execution via Swagger YAML parser
- XXE vulnerability in JBoss business process manager
- Apache Camel's Castor unmarshalling operation is vulnerable to RCE attacks
- RCE vulnerability in the Apache Struts REST plugin
- Unsafe deserialization in Apache Spark launcher API
- RFD (reflected file download) vulnerability in Etherpad Lite's HTTP API
- XSS in Etherpad Lite before v1.6.3 via window.location.href
- Buffer underflow vulnerability in strongSwan VPN charon server
- Kernel crash caused by buffer overflow in Apple's ICMP packet-handling code
- Negative integer overflows in Apple's NFS Diskless Boot
- Memory exposure vulnerability in DTrace
- Scripting engine remote memory corruption vulnerability
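The prototype pollution entries above (merge, extend, just-extend, node.extend, defaults-deep, lodash, mpath, cached-path-relative) share one bug shape: a recursive "deep merge" that follows attacker-controlled keys such as `__proto__` into the target's prototype chain, so one crafted JSON document changes what every object in the process inherits. The following is an added example written for this page, not code from any of those packages or from GitHub Security Lab: a minimal merge in the vulnerable shape beside a hardened version, with the attacker payload constructed inline as the kind of JSON a web service would parse from a request body.

```javascript
// Added example (not code from any package listed above): a recursive merge
// in the shape that was vulnerable to prototype pollution, and a hardened one.

function isObject(v) {
  return v !== null && typeof v === 'object';
}

// Vulnerable: walks every key of `source`, including an own "__proto__" key
// produced by JSON.parse. `target.__proto__` resolves to Object.prototype,
// so the recursion writes attacker-chosen properties onto the prototype that
// every plain object in the process inherits from.
function mergeVulnerable(target, source) {
  for (const key in source) {
    if (isObject(source[key]) && isObject(target[key])) {
      mergeVulnerable(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: refuse the keys that reach the prototype chain, iterate own keys
// only, and never recurse into a property `target` merely inherits.
// ("constructor" is blocked as well: merges that also recurse into functions
// can be reached via constructor.prototype.)
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isObject(target[key])) {
        target[key] = Array.isArray(value) ? [] : {};
      }
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs both merges against the same payload and reports what an unrelated,
// freshly created object sees afterwards.
function demo() {
  // Constructed attacker input, e.g. the parsed body of an HTTP request.
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}, "name": "guest"}');

  const before = ({}).isAdmin;            // undefined
  mergeVulnerable({}, payload);
  const afterVulnerable = ({}).isAdmin;   // true: every object now "has" isAdmin
  delete Object.prototype.isAdmin;        // undo the pollution before the safe run

  const safeResult = mergeSafe({}, payload);
  const afterSafe = ({}).isAdmin;         // still undefined

  return { before, afterVulnerable, afterSafe, safeResult };
}

console.log(demo());
```

The check that matters in `mergeSafe` is the combination of `Object.keys` (own keys only) with the skip of `__proto__`, `constructor` and `prototype`; a merge that only fixes one of the two is still reachable, for example through an inherited `target[key]` that happens to be an object. Creating objects with `Object.create(null)` for untrusted data, or freezing `Object.prototype`, are further mitigations when the merge code cannot be changed.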
Disclosure policy
Read our disclosure policy.