Vulnerability research

Dedicated to advancing the understanding and detection of software vulnerabilities—and explaining the latest vulnerability research from the GitHub Security Lab, which plays a pivotal role in vulnerability research and disclosure. Learn about the methodologies, tools, and techniques used to uncover security flaws in software systems. Go behind the scenes with the GitHub Security Lab, a collaborative initiative that brings together security researchers, developers, and organizations to find and fix security vulnerabilities in open source software. By staying updated with the latest research findings and trends in vulnerability discovery, you can proactively address potential security issues before they become exploitable threats.

Featured

Diagram outlining the different components of doing security research with CodeQL.

CodeQL zero to hero part 3: Security research with CodeQL

Learn how to use CodeQL for security research and improve your security research workflow.

Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting

This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.

Gaining kernel code execution on an MTE-enabled Pixel 8

In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device.

Securing our home labs: Frigate code review

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution.

Latest

Cueing up a calculator: an introduction to exploit development on Linux

Using CVE-2023-43641 as an example, I’ll explain how to develop an exploit for a memory corruption vulnerability on Linux. The exploit has to bypass several mitigations to achieve code execution.

Addressing post-quantum cryptography with CodeQL

Learn how researchers and security experts at GitHub, Microsoft, and Santander came together to address the challenges presented by the post-quantum cryptography world.

Securing our home labs: Home Assistant code review

The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here’s what we found and what you can do to better protect your own smart home.

Cybersecurity spotlight on bug bounty researcher @Ammar Askar

We’re excited to highlight another top contributing researcher to GitHub’s Bug Bounty Program—@Ammar Askar!

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler

In this post, I’ll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)

CVE-2023-43641 is a vulnerability in libcue, which can lead to code execution by downloading a file on GNOME.

Cybersecurity spotlight on bug bounty researcher @inspector-ambitious

For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!

Getting RCE in Chrome with incorrect side effect in the JIT compiler

In this post, I’ll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!

CodeQL team uses AI to power vulnerability detection in code

Learn how GitHub’s CodeQL leveraged AI modeling and multi-repository variant analysis to discover a new CVE in Gradle.

mTLS: When certificate authentication is done wrong

In this post, we’ll deep dive into some interesting attacks on mTLS authentication. We’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation, and information leakages.

Nine years of the GitHub Security Bug Bounty program

It was another record year for our Security Bug Bounty program! We’re excited to highlight some achievements we’ve made together with the bounty community in 2022!

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releases for the supported versions in May 2023.

Security alert: social engineering campaign targets technology industry employees

GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms. No GitHub or npm systems were compromised in this campaign. We’re publishing this blog post as a warning for our customers to prevent exploitation by this threat actor.

GitHub’s revamped VIP Bug Bounty Program

GitHub’s VIP Bug Bounty Program has been updated to include a clear and accessible criteria for receiving an invitation to the program and more. Learn more about the program and how you can become a Hacktocat, and join our community of researchers who are contributing to GitHub’s security with fun perks and access to staff and beta features!