GHSL-2025-059_7: Denial of Service (DoS) because of null pointer dereference in 7-Zip - CVE-2025-53817 https://lnkd.in/gEAYU3h2
About us
- Website: https://securitylab.github.com
- Industry: Software Development
Updates
-
GHSL-2025-058_7: Denial of Service (DoS) because of memory corruption in 7-Zip - CVE-2025-53816 https://lnkd.in/gqbAH86V
-
New from the GitHub Security Lab: Misconfigured CORS can expose web applications to serious security risks—but detecting those issues across frameworks isn’t always straightforward. In this deep dive, Kevin Stubbings shows how to model CORS headers and middleware with CodeQL to uncover vulnerabilities—even in custom or third-party frameworks like Gin in Go. Whether you’re a developer or security researcher, this is a must-read on strengthening your app’s defenses. 👉 https://lnkd.in/g3DEgGhr
-
Curious how GitHub helps secure the open source software the world runs on? Join us tomorrow at WeAreDevelopers World Congress 2025 and see it in action. 🕚 July 10, 16:10 CET 📍 Stage 11
-
🔐 New vulnerability research from the GitHub Security Lab
CVE-2025-53367 is an exploitable out-of-bounds write in DjVuLibre, a graphics library used in several document processing tools. GitHub researchers Antonio Morales and Kevin Backhouse teamed up on this one:
– Antonio found the bug via fuzzing
– Kev built a proof of concept exploit
This vulnerability can lead to remote code execution on Linux desktops.
📖 Read the announcement: https://lnkd.in/gH9RDbMy
-
GitHub Security Lab reposted this
Think you can hack an LLM? 👾 How about fixing the code to prevent the hack in the future? 👀 Play the GitHub Secure Code Game and find out. 🎮 gh.io/secure-code-game
-
Here are our June bug bounty stats! ✅ 120 bounty reports submitted 👥 103 hackers participated in our program 💰 Awarded $43,651 in bounties Found a vulnerability? Submit it here: https://bounty.github.com
-
Here are our May bug bounty stats! ✅ 159 bounty reports submitted 👥 118 hackers participated in our program 💰 Awarded $47,551 in bounties Found a vulnerability? Submit it here: https://bounty.github.com
-
We break down DNS rebinding attacks in our latest blog post. Explore the topic further and see how it can be used to exploit vulnerabilities in the real world. https://lnkd.in/gakcYsB6
-
Our Advisory Database surpassed 20,000 reviewed security advisories last year! Discover how GitHub's Advisory Database helps prioritize vulnerabilities and address what matters most in our latest blog post. https://lnkd.in/g23v4BAP