"topic:vulnerability-disclosure" — Search

A collection of templates for generating vulnerability disclosure policies. (NOTE: As of 2024, these templates are now part of the CERT Guide to Coordinated Vulnerability Disclosure, see link in README.)

93Updated 10 months ago

cvd-policydisclosuredisclosure-policyvulnerabilityvulnerability-disclosurevulnerability-disclosure-policies

disclose/dioseal

The Disclose.io Status best practice seal.

76Updated 1 year ago

legalsealtrustmarkvdpvulnerability-disclosurevulnerability-disclosure-policies

LucaBarile/CVE-2023-23396

Exploit and report for CVE-2023-23396.

61Updated 2 years ago

cve-2023-23396denial-of-servicedisclosureexcel-exploitexploitfull-disclosurekb5002356kb5002362microsoft-exceloffice-365paperpocproof-of-conceptreportvulnerabilityvulnerability-disclosurewhite-paperwrite-upwriteup

security-commits/secom

🍵 Specification for security commit messages

JavaScript51Updated 10 months ago

best-practicescommit-messageconventiongithub-templatesecomsecuritysecurity-standardssecurity-vulnerabilitystandardtemplatevulnerability-disclosure

scriptkkiddie/Responsible_Disclosure_VDP_Bug_Bounty

A curated list of Public Bug Bounty, Responsible Disclosure, Vulnerability Disclosure Programs sourced from Community & Internet.

30Updated 2 years ago

bug-bountybug-bounty-huntingbug-huntingbugbountybugbountytipsscriptkkiddievdpvulnerability-disclosurevulnerability-disclosure-policies

marcellomaugeri/AI-CVE-Analyser

Artifact for the paper "AI-related Vulnerabilities within CVEs: Are We Ready Yet? A Study of Vulnerability Disclosure in AI Products" accepted at AISec'25 co-located with ACM CCS

Python10Updated 1 month ago

ai-securitycvegoogle-adkpapers-with-codevulnerability-disclosure

JGoyd/Ghost-Push-Background-Delivery-via-Expired-APNs-Tokens

This repo documents a flaw where APNs delivered push notifications using a cached, expired token—despite failed token lookups and no app re-registration. Background daemons processed the message without an active app context, enabling covert push behavior and violating expected token lifecycle rules.

12Updated 4 months ago

apnsapsdbackground-processingclouddiosios-securitysecurity-researchvulnerability-disclosurezero-day

mrTomatolegit/bftpd-daemon-fd-leak

File descriptor leak vulnerability (CVE pending) in bftpd ≤6.4 daemon mode. Race condition in socket cleanup causes DoS through FD exhaustion. Includes complete analysis, reproduction steps, Docker environment, and patch.

Python00Updated 2 weeks ago

bftpdcvedenial-of-servicedockerfile-descriptor-leakftp-serverlinuxnetwork-securitypatchproof-of-conceptrace-conditionsecurity-advisorysecurity-researchsecurity-vulnerabilityvulnerability-disclosure

ksarieddine/disclosures

This repository contains security vulnerability disclosures and assigned CVEs discovered by ksarieddine. It serves as an index of findings with links to detailed technical write-ups and impact summaries.

01Updated 1 week ago

cisacritical-infrastructurecvecybersecurityev-chargingics-securityocpppenetration-testingresponsible-disclosuresecurity-researchvulnerability-disclosureweb-application-securitywebsocket-security

grich88/aixblock-security-bounty-submission

Security vulnerability research for AIxBlock bug bounty - Critical application stability issues identified and resolved

PowerShell00Updated 4 months ago

aixblockbug-bountysecurity-researchvulnerability-disclosure

jordicor/security-research-archive

Security vulnerabilities discovered and responsibly disclosed (2004-2006). Includes 2 CVEs, Microsoft MSRC acknowledgment, and published advisories.

C00Updated 2 months ago

archivebuffer-overflowcross-site-scriptingcvecybersecurityexploitinfoseclegacymsrcpenetration-testingresponsible-disclosuresecurity-advisoryvulnerability-disclosurexss-vulnerability