Securing the world's software, together
Securing the world's software, together
GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.
What we do
Our researchers find and report new vulnerabilities in the open source projects everyone relies on.
We build tools like CodeQL to make security easy for anyone working to secure open source.
We're building a community of security researchers and an open coalition of the world's security teams.
Vulnerabilities we've disclosed
-
ReDoS in OpenProject - CVE-2021-32763
-
Reflected Cross-Site Scripting (XSS) leading to Remote Code Execution (RCE) in Nuxeo - CVE-2021-32828
-
DoS and RCE in totaljs
-
Post-authentication Remote Code Execution (RCE) in ZStack REST API - CVE-2021-32829
-
Command injection in @diez/generation - CVE-2021-32830
Meet the team
Our tools
Our industry-leading code analysis engine, CodeQL, is now free for use on open source. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same.
Download CodeQLJoin the effort
As a security researcher, your expertise is instrumental in securing the world’s software. Codify that knowledge as an expressive, executable, and repeatable CodeQL query that can be run on many codebases. Get rewarded for queries that have a positive impact on open source projects through our bounty program.
See our bounties