Vulnerability-research
10 posts
We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment… The post Announcing CodeQL Community Packs appeared first on The GitHub Blog.
In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files. The post Uncovering GStreamer secrets appeared first on The GitHub Blog.
Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too. The post CodeQL zero to hero part 4: Gradio framework case study appeared first on The GitHub Blog.
Learn about browser extension security and secure your extensions with the help of CodeQL. The post Attacking browser extensions appeared first on The GitHub Blog.
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@adrianoapj! The post Cybersecurity spotlight on bug bounty researcher @adrianoapj appeared first on The GitHub Blog.
For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@imrerad! The post Cybersecurity spotlight on bug bounty researcher @imrerad appeared first on The GitHub Blog.
For this year’s Cybersecurity Awareness Month, GitHub’s Bug Bounty team is excited to offer some additional incentives to security researchers! The post Kicking off Cybersecurity Awareness Month: Researcher spotlights and additional incentives! appeared first on The GitHub Blog.
In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post From object transition to RCE in the Chrome renderer appeared first on The GitHub Blog.
In this blog post, we'll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited. The post 3 ways to get Remote Code Execution in Kafka UI appeared first on The GitHub Blog.