GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

Follow @GHSecurityLab

Find vulnerabilities

Our researchers find and report new vulnerabilities in the open source projects everyone relies on.

Educate the community

We share our research through proof-of-concepts, articles, tutorials, conferences and community events.

Amplify security research

We scale the security research of our community by performing Variants Analysis for open source projects with CodeQL.

Notify the ecosystem

We curate a database of CVEs and security advisories to notify open source developers and maintainers.

Empower others

Make securing open source easy for developers and maintainers.

Foster collaboration

Build a community of security researchers to serve the global open source community.

• Quadratic complexity algorithm in cmark - CVE-2023-22486

• Out-of-bounds read in cmark-gfm - CVE-2023-22485

• Quadratic complexity algorithm in cmark - CVE-2023-22484

• Quadratic complexity algorithms in cmark-gfm - CVE-2023-22483

• SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948

by Security Lab researchers

260 since March 2020

Joseph Katsioloudes

Making security easy for developers

@jkcso

@jkcso

Nancy Gariché

Community Building as Secure Code

@nanzggits

Michael Stepankin

get shell or die trying.

@artsploit

Kevin Stubbings

Alright get out. From now on I'll do the memory managing around here.

@Kwstubbs

Peter Stöckli

Helping developers by breaking things.

@p-

@ulldma

Xavier René-Corail

3-legged race organizer: Building bridges between Dev and Sec

@xcorail

@xcorail

Ron Wochner

Breaker of things, fixer of some, curator of many.

@ronwoch

Shelby Cunningham

Security person with a dash of data privacy

@shelbyc