GitHub Security Lab

Software Development

Securing open source software, together

About us

Website: https://securitylab.github.com
External link for GitHub Security Lab
Industry: Software Development

Updates

GitHub Security Lab reposted this
Elizabeth Eigner

Cybersecurity Policy Strategist at Microsoft
2d Edited
Report this post
🛸 Looking for signs of intelligent life at DEF CON? 👽 come join me, Trey Ford, Madison Oliver,and Chandan at "Disclosure Encounters of a New Kind: Building the CVE Program of the Future". We’ll talk about the future of the CVE program, how CVE labelling can evolve with emerging technologies, and how public policy can promote innovation within the CVE Program to meet growing global expectations. 📅 Saturday, Aug 9, 12:30 PM 📍 Policy Stage Policy @ DEF CON - Room 234 Come for the panel, stay for the close encounters (of the cybersecurity kind)! And reach out to me if you'll be at #DEFCON #CVE #Cybersecurity #DEFCON33
1 Comment

Like Comment Share
GitHub Security Lab

2,687 followers
2w
Report this post
GHSL-2025-059_7: Denial of Service (DoS) because of null pointer dereference in 7-Zip - CVE-2025-53817 https://lnkd.in/gEAYU3h2

GHSL-2025-059_7: Denial of Service (DoS) because of null pointer dereference in 7-Zip - CVE-2025-53817

securitylab.github.com

Like Comment Share
GitHub Security Lab

2,687 followers
2w
Report this post
GHSL-2025-058_7: Denial of Service (DoS) because of memory corruption in 7-Zip - CVE-2025-53816 https://lnkd.in/gqbAH86V

GHSL-2025-058_7: Denial of Service (DoS) because of memory corruption in 7-Zip - CVE-2025-53816

securitylab.github.com

Like Comment Share
GitHub Security Lab

2,687 followers
3w
Report this post
New from the GitHub Security Lab: Misconfigured CORS can expose web applications to serious security risks—but detecting those issues across frameworks isn’t always straightforward. In this deep dive, Kevin Stubbings shows how to model CORS headers and middleware with CodeQL to uncover vulnerabilities—even in custom or third-party frameworks like Gin in Go. Whether you’re a developer or security researcher, this is a must-read on strengthening your app’s defenses. 👉 https://lnkd.in/g3DEgGhr

Modeling CORS frameworks with CodeQL to find security vulnerabilities

https://github.blog

Like Comment Share
GitHub Security Lab

2,687 followers
3w Edited
Report this post
Curious how GitHub helps secure the open source software the world runs on? Join us tomorrow at WeAreDevelopers World Congress 2025 and see it in action. 🕚 July 10, 16:10 CET 📍 Stage 11
Like Comment Share
GitHub Security Lab

2,687 followers
1mo
Report this post
🔐 New vulnerability research from the GitHub Security Lab CVE-2025-53367 is an exploitable out-of-bounds write in DjVuLibre, a graphics library used in several document processing tools. GitHub researchers Antonio Morales and Kevin Backhouse teamed up on this one: – Antonio found the bug via fuzzing – Kev built a proof of concept exploit This vulnerability can lead to remote code execution on Linux desktops. 📖 Read the announcement: https://lnkd.in/gH9RDbMy

CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre

https://github.blog

Like Comment Share
GitHub Security Lab reposted this
GitHub

5,043,063 followers
1mo
Report this post
Think you can hack an LLM? 👾 How about fixing the code to prevent the hack in the future? 👀 Play the GitHub Secure Code Game and find out. 🎮 gh.io/secure-code-game

5 Comments

Like Comment Share
GitHub Security Lab

2,687 followers
1mo
Report this post
Here are our June bug bounty stats! ✅ 120 bounty reports submitted 👥 103 hackers participated in our program 💰 Awarded $43,651 in bounties Found a vulnerability? Submit it here: https://bounty.github.com

GitHub Security

bounty.github.com

1 Comment

Like Comment Share
GitHub Security Lab

2,687 followers
1mo
Report this post
Here are our May bug bounty stats! ✅159 bounty reports submitted 👥118 hackers participated in our program 💰 Awarded $47,551 in bounties Found a vulnerability? Submit it here: https://bounty.github.com

GitHub Security

bounty.github.com

Like Comment Share
GitHub Security Lab

2,687 followers
1mo
Report this post
We break down DNS rebinding attacks in our latest blog post. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world. https://lnkd.in/gakcYsB6

DNS rebinding attacks explained: The lookup is coming from inside the house!

https://github.blog

Like Comment Share

GitHub Security Lab

Software Development

Securing open source software, together

About us

Updates

GHSL-2025-059_7: Denial of Service (DoS) because of null pointer dereference in 7-Zip - CVE-2025-53817

securitylab.github.com

GHSL-2025-058_7: Denial of Service (DoS) because of memory corruption in 7-Zip - CVE-2025-53816

securitylab.github.com

Modeling CORS frameworks with CodeQL to find security vulnerabilities

https://github.blog

CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre

https://github.blog

GitHub Security

bounty.github.com

GitHub Security

bounty.github.com

DNS rebinding attacks explained: The lookup is coming from inside the house!

https://github.blog

Join now to see what you are missing

Affiliated pages

Microsoft

GitHub

GitHub Brasil

GitHub LATAM

GitHub Education

GitHub Enterprise

Student Developer Pack

Similar pages

Microsoft

Google

GitLab

W3Schools.com

OpenAI

GeeksforGeeks

Atlassian

Amazon

IBM

Meta