Our Mission
Contributions from maintainers, developers, and security researchers around the world push us forward and make open source software more secure for everyone.
Security Research
Dive into security research on open-source projects to explore new and emerging threats, and learn how to mitigate them so that you can make your own software more secure.
1181 vulnerabilities found by Security Lab researchers
819 CVEs credited
- Code injection in vets-api (GHSL-2025-105, published 2025/12/19, Peter Stöckli)
- Code injection in acl-anthology
- Code Injection in esphome/esphome-docs GitHub Actions Workflow (GHSL-2025-106, published 2025/12/11, Man Yue Mo)
- Cross-site scripting (XSS) in OpenLibrary barcode scanner (GHSL-2025-110, published 2025/12/04, Peter Stöckli)
- Cross-site scripting (XSS) in bit platform Boilerplate WebInteropApp (CVE-2025-64710)
CodeQL Wall of Fame
Join us in our mission to improve open source security for all
Have you used CodeQL’s variant analysis to find vulnerabilities on open source projects? Give your work the visibility it deserves by submitting your finding for the CodeQL Wall of Fame.
26,000+ security advisories curated by Security Lab researchers
10,000+ CVEs assigned for open source maintainers
While CVEs identify vulnerabilities, they don’t tell the whole story. Entries in the GitHub Advisory database expand beyond identification to include additional context and details to support automated security tooling – sourced from a global community of security experts and curated by the Security Lab – to help you understand vulnerabilities, assess risk, and fix with confidence and efficiency.
Resources
Open Source Community
Learn about secure coding practices, get hands-on with AppSec training, and connect with experts during our office hours – free for open source developers, maintainers, and security researchers.

GitHub Security Lab for the Enterprise
At the GitHub Security Lab, our security experts work with the open source community to strengthen open source security, which is crucial for enterprises. We channel the community's contributions into proven CodeQL queries and timely security advisories, and offer enterprises actionable insights that help secure their supply chain and accelerate the software development lifecycle.
Team
At the GitHub Security Lab, we cultivate a collaborative community of developers and security experts who work together to bolster the security of open source software.
To keep this community open and welcoming, please read our Code of Conduct.