Securing the open source supply chain across GitHub | 2026-04-01 | Zachary Steindler
A year of open source vulnerability trends: CVEs, advisories, and malware | 2026-03-26 | Jonathan Evans
How to scan for vulnerabilities with GitHub Security Lab’s open source AI-powered framework | 2026-03-06 | Man Yue Mo
Bugs that survive the heat of continuous fuzzing | 2025-12-29 | Antonio Morales
Strengthening supply chain security: Preparing for the next malware campaign | 2025-12-23 | Madison Oliver
Our plan for a more secure npm supply chain | 2025-09-23 | Xavier René-Corail
Safeguarding VS Code against prompt injections | 2025-08-25 | Michael Stepankin
Modeling CORS frameworks with CodeQL to find security vulnerabilities | 2025-07-10 | Kevin Stubbings
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre | 2025-07-03 | Kevin Backhouse
DNS rebinding attacks explained: The lookup is coming from inside the house! | 2025-06-03 | Jaroslav Lobacevski
Bypassing MTE with CVE-2025-0072 | 2025-05-23 | Man Yue Mo
Localhost dangers: CORS and DNS rebinding | 2025-04-03 | Kevin Stubbings