Vulnerability research

4 posts

A step-by-step guide for open source maintainers on how to handle vulnerability reports confidently from the start. The post A maintainer’s guide to vulnerability disclosure: GitHub tools to make it simple appeared first on The GitHub Blog.

Nancy Gariché, 3/24/2025

Critical authentication bypass vulnerabilities (CVE-2025-25291 and CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. In this blog post, we'll shed light on how these vulnerabilities, which rely on a parser differential, were uncovered. The post Sign in as anyone: Bypassing SAML SSO authentication with parser differentials appeared first on The GitHub Blog.

Peter Stöckli, 3/12/2025
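To make the term "parser differential" concrete, here is an added example that is not code from ruby-saml or from the post above, and does not reproduce the specific ruby-saml flaw. It shows the general class: two standards-compliant XML parsers return different values for the same bytes, so a service that verifies a signature using one parser's view and reads identity claims using another's acts on a value the signer never asserted. Python is used because its standard library ships two independent XML parsers (ElementTree and minidom); the SAML-shaped documents are constructed for this example and carry no signature, and the comment-splitting trick is one well-known way to provoke such a divergence.

```python
# Added example (not ruby-saml or GitHub Blog code): a parser differential on
# a constructed SAML-shaped document. ElementTree and minidom disagree about
# the NameID once an XML comment is placed inside its text.
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample (no signature, not a real SAML message).
BENIGN = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Same structure, but an XML comment splits the NameID text node. The document
# is still well-formed XML, and a signature computed over these bytes would
# still verify; only the parsers' interpretation of the text differs.
CRAFTED = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>admin<!-- split -->@example.com</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def nameid_etree(xml_text):
    """ElementTree's default tree builder discards comments and joins the
    character data on either side into one .text value."""
    root = ET.fromstring(xml_text)
    node = root.find(".//saml:NameID", NS)
    return node.text or ""


def nameid_minidom(xml_text):
    """minidom keeps the comment as a child node, so the text becomes two
    Text nodes. Code reading firstChild.data (a common idiom) only sees the
    part before the comment."""
    doc = minidom.parseString(xml_text)
    node = doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]
    return node.firstChild.data


def differential(xml_text):
    """Return (etree_view, minidom_view, disagree) for one document."""
    a = nameid_etree(xml_text)
    b = nameid_minidom(xml_text)
    return a, b, a != b


def has_comments(xml_text):
    """Hardening check: report whether the document contains any Comment
    node, so a consumer can refuse input where parsers are known to diverge."""
    def walk(node):
        if node.nodeType == node.COMMENT_NODE:
            return True
        return any(walk(child) for child in node.childNodes)
    return walk(minidom.parseString(xml_text))


def safe_nameid(xml_text):
    """Parse once, reject comments, and concatenate all Text children instead
    of reading only the first. Raises ValueError on a divergent document."""
    if has_comments(xml_text):
        raise ValueError("XML comments are not allowed in assertions")
    doc = minidom.parseString(xml_text)
    node = doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]
    return "".join(c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, differential(doc))
```

The practical lesson is in `safe_nameid`: use a single parser for both signature verification and claim extraction, reject constructs (here, comments) on which parsers are known to disagree, and never read a value through an idiom such as `firstChild.data` that silently depends on how the tree was built.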

Discover the exciting world of cybersecurity research: what researchers do, essential skills, and actionable steps to begin your journey toward protecting the digital world. The post Cybersecurity researchers: Digital detectives in a connected world appeared first on The GitHub Blog.

Nancy Gariché, 1/29/2025

Learn how specially crafted artifacts can be used to attack Maven repository managers. This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of local artifacts in Sonatype Nexus and JFrog Artifactory. The post Attacks on Maven proxy repositories appeared first on The GitHub Blog.

Michael Stepankin, 1/22/2025