English
English Indonesia Türkçe Deutsch Español Português Pусский Français Italiano Nederlands Polski العربية ไทย Tiếng Việt 繁體中文 简体中文 日本語 한국어
GHSecurityLab's profile picture. GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

GitHub Security Lab

@GHSecurityLab

GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

1KPosts 26KFollowers 15Following
You might like
Pinned
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Feb 14

Find the GitHub Security Lab now on LinkedIn, Mastodon and Bluesky! 👇

7
5
8
2
3K
GitHub Security Lab reposted
artsploit's profile picture.
Michael Stepankin
 @artsploit
Jan 22

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

artsploit's tweet image. Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵
8
84
302
158
29K
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Jan 9

How to secure your GitHub Actions workflows with CodeQL. Dive into this actionable supply chain security research from @pwntester . This work resulted in dozens of high impact supply chain findings and, most importantly, added CodeQL support for your GitHub workflows!…

GHSecurityLab's tweet image. How to secure your GitHub Actions workflows with CodeQL. Dive into this actionable supply chain security research from @pwntester . This work resulted in dozens of high impact supply chain findings and, most importantly, added CodeQL support for your GitHub workflows!…
6
15
54
12
6K
GitHub Security Lab reposted
bliutech's profile picture.
Benson Liu
 @bliutech
Dec 30

Ever wanted to learn fuzzing?!?! 🐛 Me and some other folks at @pbrucla recently ran a project where we taught folks about the basics of fuzzing with Honggfuzz. 👀 Some fun activities inspired by the Fuzzing101 repo from the folks at @GHSecurityLab! 🤗 github.com/pbrucla/fuzzin…

bliutech's tweet card. 🐛 UCLA ACM Cyber's Fuzzing Lab. Contribute to pbrucla/fuzzing-lab development by creating an account on GitHub.
GitHub - pbrucla/fuzzing-lab: 🐛 UCLA ACM Cyber's Fuzzing Lab
Source: github.com
3
54
245
183
13K
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Dec 23

🎉 Excited to announce the launch of CodeQL Community Packs for Security teams and researchers! 🚀 Supercharge your code analysis with new Query, Model, and Library packs, to find more vulnerabilities, accelerate codebases audit, and secure code effortlessly.…

GHSecurityLab's tweet card. We are excited to introduce the new CodeQL Community Packs, a comprehensive set of queries and models designed to enhance your code analysis capabilities. These packs are tailored to augment…
Announcing CodeQL Community Packs
Source: github.blog
1
12
38
15
5K
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Dec 19

GHSL-2024-075_GHSL-2024-076: Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via Velocity Template Evaluation in Sonatype Nexus 2 securitylab.github.com/advisories/GHS…

GHSecurityLab's tweet card. Sonatype Nexus 2 is affected by multiple high severity vulnerabilities, including Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via Velocity Template Evaluation.
GHSL-2024-075_GHSL-2024-076: Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via...
Source: securitylab.github.com
0
1
11
2
1K
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Dec 19

GHSL-2024-072_GHSL-2024-074: Stored Cross-Site Scripting (XSS), Arbitrary File Upload, and Arbitrary File Read/Write via Path Traversal in Reposilite - CVE-2024-36115, CVE-2024-36116, CVE-2024-36117 securitylab.github.com/advisories/GHS…

GHSecurityLab's tweet card. Reposilite is affected by multiple high severity vulnerabilities, including Stored Cross-Site Scripting (XSS) allowing unauthenticated users to steal the victim’s password from the browser’s local...
GHSL-2024-072_GHSL-2024-074: Stored Cross-Site Scripting (XSS), Arbitrary File Upload, and Arbitr...
Source: securitylab.github.com
0
1
4
0
843
GitHub Security Lab reposted
github's profile picture.
GitHub
@github
Dec 18

A new free tier of GitHub Copilot in @code. ✅ 2,000 code completions per month 💬 50 chat messages per month 💫 Models like Claude 3.5 Sonnet or GPT-4o ♥️ More fun for you Check it out today! Oh yeah, and we passed 150M developers on GitHub 💅 github.blog/news-insights/…

github's tweet card. Come and join 150M developers on GitHub that can now code with Copilot for free in VS Code.
Announcing 150M developers and a new free tier for GitHub Copilot in VS Code
Source: github.blog
109
630
3K
408
3.1M
GHSecurityLab's profile picture.
GitHub Security Lab
@GHSecurityLab
Dec 18

🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…

GHSecurityLab's tweet card. You can now enable code scanning in your GitHub Actions workflow files. By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. Actions analysis support…
Find and fix Actions workflows vulnerabilities with CodeQL (Public Preview) - GitHub Changelog
Source: github.blog
0
7
18
1
5K
LiveOverflow's profile picture. wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio

LiveOverflow 🔴

@LiveOverflow
0xor0ne's profile picture. | CyberSecurity | Reverse Engineering | C and Rust | Exploit | Linux kernel | PhD | My Tweets, My Opinions :) |

0xor0ne

@0xor0ne
PwnFunction's profile picture. alt @matmul

Suraj

@PwnFunction
testanull's profile picture. Kẻ soi mói, Re-searcher @dfsec_com

Janggggg

@testanull
clintgibler's profile picture. 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter

Clint Gibler

@clintgibler
gregxsunday's profile picture. Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.

Bug Bounty Reports Explained

@gregxsunday
steventseeley's profile picture. Artist disguised as a logician. Pwn2Own Winner. Spiritual Alchemy. Divine Science.

ϻг_ϻε

@steventseeley
harshbothra_'s profile picture. Freelance Pentester & Consultant • Cobalt Core Lead & Pentester • Author • Speaker • Blogger • SecurityExplained • Project Bheem • Learn365 • Views are personal

Harsh Bothra

@harshbothra_
snyff's profile picture. Founder/CEO/Trainer/Researcher/CVE archeologist @PentesterLab. Security engineer. Bugs are my own, not of my employer...

Louis Nyffenegger

@snyff
momika233's profile picture. Anda boleh melakukan segala-galanya dari syurga ke bumi, wanita kecil!! If you have any questions, please contact me https://t.co/MkzsavUU9V

张惠倩

@momika233
CrazymanArmy's profile picture. CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not group

crazyman_army

@CrazymanArmy
haxor31337's profile picture. 29 y/o Bug Bounty Hunter and Red Teamer at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd

Tuan Anh Nguyen⚡️ 🇻🇳

@haxor31337
alexjplaskett's profile picture. Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.

Alex Plaskett

@alexjplaskett
5aelo's profile picture. Working on Project Zero, Big Sleep, and V8 Security. Personal account. Also @saelo@chaos.social and https://t.co/aVitnPjBie

Samuel Groß

@5aelo
ky1ebot's profile picture. CTF player @Shellphish | PhD Student @ASU | @angrdothorse dev | Author of how2heap | Vulnerability Research Hobbyist | @kylebot@infosec.exchange

kylebot

@ky1ebot
_jsoo_'s profile picture. Founder https://t.co/dU7gVAkwY9

Jacob Soo

@_jsoo_
spaceraccoonsec's profile picture. Here to learn! Infosec@Open Government Products | White Hat && SecOps

spaceraccoon | Eugene Lim

@spaceraccoonsec
maddiestone's profile picture. Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.

Maddie Stone

@maddiestone
pyn3rd's profile picture. Security Researcher&Cloud Security. BlackHat&HITB&CanSecWest Speaker.

pyn3rd

@pyn3rd
Agarri_FR's profile picture. Web hacker and Burp Suite Pro trainer Refer to https://t.co/D5tRH7U2hg for trainings Follow @MasteringBurp for free tips and tricks

Nicolas Grégoire

@Agarri_FR
gss_62's profile picture. vibe coding...

gss_62

@gss_62
yongtae342542's profile picture.

용태

@yongtae342542
Drjiexbeix's profile picture. drjukebox@currently.com 618.edu@SoILLNoiseLLC

DrJukeBox

@Drjiexbeix
shwetabhmmmec's profile picture. Traveller, Foodlover and Yes Software Engineer

shwetabh srivastava

@shwetabhmmmec
elpepedelinter's profile picture.

Kylian AC

@elpepedelinter
CrmlDlght8491's profile picture. A Cancerian Cancerian Cosmic Alchemist, spreading love, empathy, and unity across the cosmos to elevate consciousness and bridge worlds.

Kairo B. Delgadillo

@CrmlDlght8491
hamidarslan_'s profile picture. Doctoral Candidate, Immunology-Metabolism-Metaflammation. @LIMES_Bonn @UniBonn

Arslan Hamid

@hamidarslan_
Mint2BMerry's profile picture.

Chase Minter

@Mint2BMerry
Alchemyst0x's profile picture. // Founder/Threat Intelligence @BlockmageSec // Security Researcher 👀 // #Web3 Dev // Cypherpunk paranoid privacy freak. Chained to these blocks since 2013 🧙

Alchemyst

@Alchemyst0x
CryptO_Oink's profile picture. 🚀 Gem Hunter | MemeCoin Maniac 💎 Hunting for 100x opportunities in the wild west of crypto! 🌐 Stay ahead, stay degen. #CryptoGems #MemeCoinMadness

For the love of Oink 🐷

@CryptO_Oink
CodeAndCogitate's profile picture. Ideas | Intelligence | Humanity | Code | AI

Code and Cogitate

@CodeAndCogitate
FioriLeroyI's profile picture.

fiori

@FioriLeroyI
Grantgrant41361's profile picture. Electrical technologist, graphic designer, blockchain web 3 enthusiast #follow to keep informed!!

Grantoes

@Grantgrant41361
guenther_m54490's profile picture. Premium

Maik Guenther

@guenther_m54490
SindouKon8's profile picture. Travailleur indépendant

Sindou Koné

@SindouKon8
Alisaeedas7's profile picture.

Ali Saeed

@Alisaeedas7
eveusr1's profile picture.

eveusr

@eveusr1
kapeka0's profile picture. Security Developer & Software Researcher

Kapeka

@kapeka0
Raoof_Altaher's profile picture. AI Developer at @DataNextStep | PhD Candidate

Raoof A.

@Raoof_Altaher
Veeraveer143's profile picture.

veera

@Veeraveer143
UUU2025Nov's profile picture. 閲覧及び情報収集目的アカウント。

UUU2025Nov

@UUU2025Nov
jkqqwe62's profile picture.

Rinat

@jkqqwe62
Gamestonk118's profile picture. WE SQUAT & HODL 🦍🚀🏋️🔥🔥

David

@Gamestonk118
mahieddinedev's profile picture.

Mahieddine Amamra

@mahieddinedev
rick_staa's profile picture. Building the future of video AI @livepeer Foundation 🚀 | Open-source advocate & tech enthusiast | Robotics & AI researcher | Jazz/blues enthusiast 🎹.

rickstaa

@rick_staa
SunilRe89032493's profile picture. be an insider👊

Sunil Reddy

@SunilRe89032493
gisioraelvis's profile picture. SWE 🧑🏾‍💻 | Student of Life ✌🏽 | 🚵🌄

Elvis Gisiora

@gisioraelvis
b0l0k_'s profile picture. 🧑‍💼 Director @Ledger 🆓 https://t.co/yNkYBawMQL 🕸️ https://t.co/Nf8JfILyDn

Vincent BOUZON

@b0l0k_
True_Cyber_Town's profile picture.

CodeSentinel

@True_Cyber_Town
quillstarcross's profile picture. https://t.co/1Zoo67V9B0

Quill Starcross

@quillstarcross
RJimmyM's profile picture.

Jimmy

@RJimmyM
IvanMartin64549's profile picture. aceros

Ivan Martinez

@IvanMartin64549
LexMainye's profile picture. Gamer 🎮 & Data guy 💻

Lex

@LexMainye
yoshin42gs's profile picture.

Yong🦖 Shin

@yoshin42gs
guardyn_io's profile picture. E2EE messaging with Signal Protocol + OpenMLS. Zero metadata collection. Post-quantum crypto. 100% open source (Apache 2.0)

Guardyn Messenger

@guardyn_io
MIKY85315's profile picture.

陈杰

@MIKY85315
callmeyakubi's profile picture. Offensive Cyber Security Consultant / Researcher | siber güvenlik konusunda her şeyi öğrenmek isterken aklına ölüm gelen ve modu düşen şahıs

Yakup Erdem Ünal

@callmeyakubi
jessieq007's profile picture. Building https://t.co/T15FbnqDd3

Jessie Q

@jessieq007
hyeonjeong55606's profile picture. my-mobile.noreply@lge.com

현정원

@hyeonjeong55606
Thejrtrump's profile picture.

Steve McGowan Jr

@Thejrtrump
maazpendari4's profile picture. "AI Engineer | RAG & Agentic AI on AWS/LangChain | Built interview coach w/ FastAPI & LLMs | Python • MCP workflows | Seeking startup projects/jobs 🤖 #RAG #AWS

Maaz

@maazpendari4
Mike173303's profile picture. 我们可以结束这场大洪水,关键是怎样结束。

Mike

@Mike173303
CuriosMusings's profile picture. Christian ✞ | Patriot 🇺🇸 | Freelancer | Creative & Technical Writer | OSINT Analyst | Python Coder | I enjoy simplifying the complex. Truth will win.

Jacob Peabody

@CuriosMusings
KlayThomps29923's profile picture.

KlayFu🍪

@KlayThomps29923
ShabrishNR's profile picture. Cloud and Data Enthusiast| Devops Engineer

Shabrish NR

@ShabrishNR
Nattapo60183846's profile picture. ชอบเที่ยว​🏖️🏞️ ชอบเดินทาง​🚂 ชอบอิสระ​🚀 ชอบบรรยากาศตอนกลางคืน​🌌 ติดสกินชิพ🫂​ introvert 100%🛀 ❗งดเข้ามาหลอกชั่วคราวยังไม่หายดี​ ☔ #fwb #1dot1dot1dot1

👑:ෆ⸒⸒₍ᐢნ-მᐢ₎♡̷'s​ 🪐I.

@Nattapo60183846
shllg_dev's profile picture. CTO @ VayaPin | 20+ years building tech companies & products | Consultant | Father of 3 | Karate 3rd Dan | Berlin | Can build anything—time is the constraint ⚡

shllg

@shllg_dev
hellotwlite's profile picture. ☀️ I am terrible at coding stuff

Twilight

@hellotwlite
RealityFinder99's profile picture. Reality Finder

ReAliTy FiNdEr

@RealityFinder99

United States Trends

You might like

Something went wrong.


Something went wrong.