We wrapped up 2025 on a high note—here are the bug bounty stats for December!
✅ 151 bounty reports submitted
👥 110 hackers participated in our program
💰 Awarded $48,367 in bounties
Found a vulnerability? Submit it here: https://bounty.github.com.
About us
- Website: https://securitylab.github.com
- Industry: Software Development

Updates
Learn why some vulnerabilities resist fuzzing and persist in long-enrolled OSS-Fuzz projects, and how you can find them! Read all about it in our new blog: https://lnkd.in/g6vefmVZ
GitHub Security Lab reposted this
🎶 ’Twas the night before Christmas, and nothing looked strange, until malicious artifacts showed up in the change 🎶
In light of some recent open source malware campaigns, we’ve outlined some practical steps teams can take now: using phishing-resistant MFA, rotating and scoping tokens, reviewing third-party access, and adopting safer package publishing workflows. A little security cleanup now can help avoid unwelcome presents in the new year 🎁
Read the post: https://lnkd.in/eEEngZ8v
In just 17 minutes, 📌 Jaroslav Lobačevski shares his knowledge about securing GitHub Actions, drawing from hands-on experience uncovering hundreds of real-world vulnerabilities. Topics include:
• Best practices for using third-party actions
• The security model of GitHub Actions: tokens and permissions, job isolation and secrets
• pull_request vs pull_request_target
• Common pitfalls that lead to Remote Code Execution (RCE): interpolation and environment injections, cache poisoning
• …and more
The talk wraps up with FREE tools to automate GitHub Actions security you can start using TODAY. https://lnkd.in/gpHRzQCd
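The interpolation/environment-injection and pull_request_target pitfalls named in the talk summary above, shown as a vulnerable workflow beside a hardened one. This is an added example written for this page, not code from the talk, from the Security Lab or from any real repository: the workflow names, the npm project and the zeroed commit SHA used as a pin placeholder are assumptions, and the vulnerable document keeps its injectable behaviour on purpose. Cache poisoning is not covered here.

```yaml
# --- VULNERABLE (added illustration; hypothetical workflow, not from the talk) ---
name: pr-check-vulnerable
on:
  pull_request_target:          # runs in the BASE repo context: secrets and a write-capable GITHUB_TOKEN
    types: [opened, synchronize]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}  # checks out the untrusted PR head...
      - run: npm install && npm test                      # ...and runs its package.json scripts with that token and secrets
      # Expression injection: ${{ }} is substituted into the script text BEFORE bash parses it,
      # so a PR titled   x"; id; echo "   executes `id` on the runner.
      - run: echo "PR title: ${{ github.event.pull_request.title }}"
      # Environment injection: a PR body may contain newlines, so a body such as
      #   ignore<newline>NODE_OPTIONS=--require /tmp/evil.js
      # defines NODE_OPTIONS for every later step in this job.
      - run: echo "DESCRIPTION=${{ github.event.pull_request.body }}" >> "$GITHUB_ENV"
---
# --- HARDENED (added illustration; same hypothetical workflow) ---
name: pr-check-hardened
on:
  pull_request:                 # a fork's PR gets a read-only GITHUB_TOKEN and no repository secrets
permissions:
  contents: read                # least privilege for every job unless one explicitly opts in to more
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Pin third-party actions to a full commit SHA (placeholder below), not a movable tag
      - uses: actions/checkout@0000000000000000000000000000000000000000 # placeholder: use the real release SHA
      - run: npm ci && npm test
      # Untrusted input goes through env: bash receives a variable value, never raw text to parse
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          echo "PR title: $PR_TITLE"
          # Do not append untrusted text to GITHUB_ENV; later steps can read the env variable directly
          printf '%s\n' "$PR_BODY" > pr-body.txt
```

The two `run:` lines that read the PR title are the whole difference for expression injection: in the first document the title is spliced into the shell script text, in the second it only ever reaches bash as the value of `$PR_TITLE`. Switching the trigger from `pull_request_target` to `pull_request` and adding a top-level `permissions:` block removes the write token and secrets from the job that executes contributor-controlled code.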
GitHub Security Lab discovered a critical vulnerability in WooCommerce. We’d like to thank WooCommerce/Automattic for their incredibly quick response and fix of the vulnerability. “A critical vulnerability was discovered in WooCommerce (versions 8.1 to 10.4.2) that, if exploited, could allow logged-in customers to access order details belonging to guest customers.” If you are using WooCommerce, please update. For more info see WooCommerce’s blog post: https://lnkd.in/gDcU_--M
The Security Lab is hiring Security Researchers in the US and in the UK! Reporting to Kevin Backhouse and Xavier René-Corail. Apply on the GitHub Careers page! Search for "Security Lab" https://lnkd.in/gj4kJuyp
I am hiring a Principal Security Researcher for the GitHub Security Lab!
- If you're passionate about open source software and want to join a team of talented security folks dedicated to securing open source projects, helping maintainers, and researching the new vulnerability patterns we need protection from,
- If you're looking for a culture that fosters continuous learning, encourages experiments, and values collaboration,
don't miss this opportunity: https://lnkd.in/gew9v9kg
We’re #hiring. 2 Principal Security Researchers, in the US and the UK. Know anyone who might be interested?
Hello Hackers! Here are our November bug bounty stats!
🐛 146 bounty reports submitted
👩‍💻 102 hackers participated in our program
💰 Awarded $93,068 in bounties
Found a vulnerability? Submit it here: https://bounty.github.com/
Attending AI Native DevCon? Join Joseph Katsioloudes and discover practical ways to use AI for security through 14 live GitHub Copilot demos from secure coding, to supply chain decisions, to MCP servers. 📅 November 19, 11:40 AM EST 📍 Industry City, Kings County, NY + online 👉 ainativedev.io/devcon