🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA.

github.blog/2024-04-29-cod…

Hey, security folks! Want to help us secure the world's software and share your security expertise at #GitHubUniverse ? Apply to be a speaker!

🤖🔐 Can We Trust AI-Generated Code? 🔐🤖

We're diving into AI's role in development with Joseph Katsioloudes from GitHub Security Lab! 🚀

🤖 Is AI-generated code safe for production?
🔍 Importance of thorough code reviews.
✅ Best security practices.

#AISecurity #GitHubCopilot

Uh-oh 😱 Seems like the RCE issues we reported in OpenMetadata are being exploited in the wild! 🔥 If you havent patched your instances to v1.2.4, please do it now! thehackernews.com/2024/04/hacker…

GHSL-2024-033: Server-Side Request Forgery (SSRF) in open-webui - CVE-2024-30256 securitylab.github.com/advisories/GHS…

GHSL-2024-019_GHSL-2024-024: Multiple command injections and path injections in Kohya_ss - CVE-2024-32022, CVE-2024-32026, CVE-2024-32025, CVE-2024-32027, CVE-2024-32024, CVE-2024-32023 securitylab.github.com/advisories/GHS…

GHSL-2023-257: Server-Side Request Forgery (SSRF) in Plane - CVE-2024-31461 securitylab.github.com/advisories/GHS…

GHSL-2023-250: Unauthenticated limited file write in DocsGPT - CVE-2024-31451 securitylab.github.com/advisories/GHS…

GHSL-2023-253: Cross-Site Scripting (XSS) in openrasp - CVE-2024-29183. This could allow an unauthenticated attacker to gain the session of users. securitylab.github.com/advisories/GHS…

GHSL-2023-154_GHSL-2023-156: Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) in memos API - CVE-2024-29028, CVE-2024-29029, CVE-2024-29030. These could lead to privilege escalation and information disclosure. securitylab.github.com/advisories/GHS…

GHSL-2024-010: Limited file write in Stable-diffusion-webui - CVE-2024-31462 securitylab.github.com/advisories/GHS…

GHSL-2023-277: Arbitrary File Deletion (AFD) in Owncast - CVE-2024-31450 securitylab.github.com/advisories/GHS…

GHSL-2023-225, GHSL-2023-226, GHSL-2023-227, and GHSL-2023-228: Server-Side Request Forgery (SSRF) and Denial of Service (DoS) in Mealie - CVE-2024-31991, CVE-2024-31992, CVE-2024-31993, CVE-2024-31994 securitylab.github.com/advisories/GHS…

Level up your security game on GitHub with seamless security research! Discover code scanning, CVE management, and more within GitHub's ecosystem. Check out this insightful blog post now! 🔒 #GitHub #SecurityResearch #CodeScanning #CVEManagement
github.blog/2024-04-03-sec…

GHSL-2023-015: Unsafe deserialization in Apache Submarine - CVE-2023-46302
securitylab.github.com/advisories/GHS…

GHSL-2023-205_GHSL-2023-206: Cross-site scripting (XSS) and arbitrary command execution vulnerability in go2rtc - CVE-2024-29191, CVE-2024-29192, CVE-2024-29193
securitylab.github.com/advisories/GHS…