Skip to content

digi-scrypt/open-source-security-contributions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 

Repository files navigation

Open-Source Security Contributions

Digiscrypt Technologies — securing the open-source software the world runs on.

We find and fix security and memory-safety defects in the open-source libraries that millions of applications depend on: image and document parsers, compression and serialization libraries, and networking, logging, and cryptography infrastructure written in C, C++, and Rust.

This repository is our verifiable track record — 260 merged pull requests across 45 open-source projects, roughly 144 of them security / memory-safety / input-hardening fixes. Every entry links to the merged pull request on GitHub.

At a glance

Merged PRs Projects improved Security / hardening fixes Contributor accounts
260 45 ~144 4

Our contributors

This work was carried out by our team across the following GitHub accounts:

Work by category

Category Merged PRs
Correctness / other 111
Input validation / parsing 70
Memory safety 33
Integer / arithmetic 32
Crash / DoS 7
Fuzzing / OSS-Fuzz 5
Leak 2

Top projects improved

Project Merged PRs
web2py/web2py 36
apache/logging-log4cxx 30
Taywee/args 28
Blosc/c-blosc2 25
libjxl/libjxl 17
apache/poi 15
lsh123/xmlsec 12
AOMediaCodec/libavif 10
ada-url/ada 8
ImageMagick/ImageMagick 7
open-mpi/hwloc 6
zyantific/zydis 6
ermig1979/Simd 5
simdjson/simdjson 5
zeek/zeek 4
aio-libs/aiohttp 3
assimp/assimp 3
c-ares/c-ares 3
ibireme/yyjson 3
lballabio/QuantLib 3
nyx-space/anise 3
simdutf/simdutf 3
ada-url/idna 2
google/oss-fuzz 2
apache/arrow 1

Full list of merged contributions

Click to expand the complete list of all 260 merged pull requests, grouped by project

ada-url/ada

  • #1091 — Clarify borrowed ada_string lifetime and add owned host accessor (Correctness / other)
  • #1109 — Fix undefined behavior in verify_dns_length for empty input (Correctness / other)
  • #1123 — Harden URL component offset updates by eliminating unsigned wraparound (Integer / arithmetic)
  • #1125 — Fix URLPattern tokenizer to prevent DoS on malformed UTF-8 (Input validation / parsing)
  • #1136 — incomplete IDNA Bidi validation allowing invalid LTR labels with disallowed trailing code points (Input validation / parsing)
  • #1139 — Fix set_protocol slow-path return consistency (Correctness / other)
  • #1145 — enforce bidi first-character rule in is_label_valid (Correctness / other)
  • #1148 — emit nullopt for unmatched groups in std_regex_provider::regex_search (Crash / DoS)

ada-url/idna

  • #74 — incomplete IDNA Bidi validation allowing invalid LTR labels with disallowed trailing code points (Input validation / parsing)
  • #75 — harden to_unicode post-decode label validation (Input validation / parsing)

aio-libs/aiohttp

  • #12265 — Avoid accessing Py_buffer after release in HTTP parser (Correctness / other)
  • #12385 — Validate Content-Length format in ClientRequest (Input validation / parsing)
  • #12445 — [3.14] Validate Content-Length format in ClientRequest (backport of #12385) (Input validation / parsing)

AOMediaCodec/libavif

  • #2961 — colr: fix undefined behavior and uninitialized gamma output (Memory safety)
  • #3002 — Prevent integer overflow during buffer reallocation (Integer / arithmetic)
  • #3053 — Fix potential integer overflow in rowBytes multiplications (Integer / arithmetic)
  • #3125 — Make libaom encoder diagnostics null-safe (Crash / DoS)
  • #3151 — codec_aom: improve decoder diagnostics consistency (Correctness / other)
  • #3201 — avifImageCopy: check avifImageCreateEmpty() result for gain map image (Input validation / parsing)
  • #3205 — gainmap: check avifImageCreateEmpty() result (Input validation / parsing)
  • #3212 — Make avifAlloc(0) deterministic and fix RWData shrink-to-zero handling (Correctness / other)
  • #3214 — Replace strcpy/strcat with snprintf in apps and tests (Correctness / other)
  • #3219 — Use std::array for pixel buffers in avifrgbtest (Correctness / other)

apache/arrow

  • #49758 — GH-49759: [C++][Integration] Harden BinaryView JSON parsing with runtime validation (Input validation / parsing)

apache/logging-log4cxx

  • #622 — invalid ByteBuffer state that can lead to incorrect read/write sizes (Input validation / parsing)
  • #626 — negative buffer size handling in ODBCAppender to prevent unsigned overflow (Integer / arithmetic)
  • #628 — out-of-bounds write when CyclicBuffer is empty (Memory safety)
  • #633 — bound parameter buffer size before narrowing to SQLINTEGER (Integer / arithmetic)
  • #646 — overflow in toFileSize causing incorrect log rotation limits (Integer / arithmetic)
  • #649 — CyclicBuffer validation ordering and resize wraparound handling (Integer / arithmetic)
  • #650 — Normalize invalid SMTPAppender buffer sizes (Input validation / parsing)
  • #651 — Reject malformed MaxConnections values in TelnetAppender configuration (Input validation / parsing)
  • #653 — Bound multiprocess map-file filename reads (Correctness / other)
  • #654 — Harden OptionConverter::toFileSize input validation (Input validation / parsing)
  • #655 — Add bounds checks to StringHelper::format placeholder handling (Correctness / other)
  • #656 — Normalize invalid FileAppender buffer sizes (Input validation / parsing)
  • #657 — Reject undersized SyslogAppender MaxMessageLength values (Input validation / parsing)
  • #659 — Fix UTF-16 supplementary character encoding (Correctness / other)
  • #660 — Fix ISO Latin-1 decoder sign extension (Correctness / other)
  • #661 — Replace manual exception message buffers with std::string (Correctness / other)
  • #662 — PropertyConfigurator reporting configured state for invalid appenders (Input validation / parsing)
  • #664 — Fix UTF-8 decoder rejecting valid U+0800 three-byte sequence (Correctness / other)
  • #666 — Preserve HTMLLayout attribute values during XML normalization (Correctness / other)
  • #669 — Reject UTF-16 surrogate-half encodings in UTF-8 (Input validation / parsing)
  • #670 — Fix nullptr pointer arithmetic in charset decoder (Crash / DoS)
  • #671 — Prevent rollover failure with short file name patterns (Correctness / other)
  • #672 — Sanitize CRLF characters in SMTPAppender header fields (Input validation / parsing)
  • #674 — Synchronize AsyncAppender getter access with buffer mutex (Correctness / other)
  • #678 — Normalize invalid Unicode scalar values in JSONLayout output (Input validation / parsing)
  • #679 — Fix null deref in ByteArrayOutputStream default constructor (Crash / DoS)
  • #684 — Handle zero-length writes in ByteArrayOutputStream (Input validation / parsing)
  • #685 — Avoid narrowing-sensitive arithmetic in FormattingInfo (Integer / arithmetic)
  • #687 — Fix UB and locale-dependent behavior in StringHelper::toLowerCase (Correctness / other)
  • #688 — Centralize overflow-safe layout sizing and reserve validation (Integer / arithmetic)

apache/poi

  • #1045 — Reject invalid WMF unitsPerInch=0 to prevent infinite scaling (Input validation / parsing)
  • #1055 — Enforce max entry size consistently for streaming ZIP entries (Correctness / other)
  • #1057 — Apply zip bomb checks to encrypted temp ZIP processing (Correctness / other)
  • #1060 — Validate EMF description bounds before allocation (Input validation / parsing)
  • #1063 — Harden temporary file permissions (Correctness / other)
  • #1064 — Harden HPSF allocation-size arithmetic against silent overflow (Integer / arithmetic)
  • #1066 — Reject path traversal filenames during HMEF attachment extraction (Input validation / parsing)
  • #1067 — Reject oversized XSSF table counts during integer conversion (Input validation / parsing)
  • #1070 — Reject oversized OOXML ptCount values in XDDFDataSourcesFactory (Input validation / parsing)
  • #1075 — Validate HDGF v6+ chunk Length before narrowing to int (Integer / arithmetic)
  • #1076 — Guard HDGF PointerFactory offset/length uint32 narrowing (Integer / arithmetic)
  • #1077 — Handle oversized uint32 offsets in QuillContents descriptors (Correctness / other)
  • #1078 — HSLF: reject oversized PersistPtr sheet offsets (Input validation / parsing)
  • #1079 — guard XSSFBUtils wide-string byte length against int overflow (Integer / arithmetic)
  • #1082 — Fix out-of-bounds fill in EmfPlusPath RLE point-type expansion (Memory safety)

aptos-labs/aptos-core

  • #19373 — Prevent untrusted length-based allocation in PROXY protocol parsing (Input validation / parsing)

assimp/assimp

  • #6628 — Prevent Heap Buffer Overflow in MaterialSystem String Assignments (Memory safety)
  • #6652 — replace unsafe strncpy with aiString::Set() in five asset loaders (Correctness / other)
  • #6654 — Migrate OBJ parser from fixed-size stack buffer to std::string (Correctness / other)

avahi/avahi

  • #914 — core: free copy's HINFO 'os' field on rdata copy failure (Correctness / other)

axboe/liburing

  • #1544 — nolibc: fix integer overflow in __uring_malloc (Integer / arithmetic)

babel/babel

  • #17845 — Gate jsxDEV source/self with developmentSourceSelf option (Correctness / other)

babel/website

  • #3185 — Add migration note for developmentSourceSelf option (Correctness / other)

Blosc/c-blosc2

  • #727 — Harden lazy chunk parsing against integer overflow and malformed headers (Integer / arithmetic)
  • #728 — Unify nchunks offsets bounds checks across frame and schunk (Correctness / other)
  • #730 — harden metadata deserialization with bounds and length validation (Input validation / parsing)
  • #731 — Fix out-of-bounds read in lazy VL chunk decompression (Memory safety)
  • #732 — mmap: harden arithmetic checks and align sizing with size_t (Correctness / other)
  • #733 — Harden lazy VL trailer parsing and reject malformed lazy block metadata (Input validation / parsing)
  • #736 — Fix out-of-bounds read in frame parsing validation (Memory safety)
  • #737 — Harden sframe chunk path handling (Correctness / other)
  • #739 — integer overflow in _blosc_getitem leading to out-of-bounds memcpy (Memory safety)
  • #740 — prevent divide-by-zero in update_shape when blockshape is zero (Correctness / other)
  • #741 — add centralized nchunk validation to prevent out-of-bounds access (Memory safety)
  • #750 — Harden validation for open-path offsets and add malformed-offset test (Input validation / parsing)
  • #751 — validate frame_len and trailer_len to prevent overflow and OOB reads (Memory safety)
  • #753 — overflow in VL-block size accumulation causing OOB write (Memory safety)
  • #755 — Fix data races in global configuration APIs using mutex protection (Correctness / other)
  • #758 — Harden metalayer APIs against invalid lengths and unsafe memory usage (Input validation / parsing)
  • #764 — Validate frame trailer length to prevent invalid offset computation (Input validation / parsing)
  • #765 — Fix unsafe string handling to prevent overflows (Correctness / other)
  • #767 — Fix integer overflow leading to potential heap corruption in b2nd (Memory safety)
  • #771 — Validate lazychunk cbytes against frame length to prevent OOB read (Memory safety)
  • #772 — Fix frame metalayer overflow and double-free (Memory safety)
  • #773 — Harden stdio backend against integer overflows (Correctness / other)
  • #774 — Harden stdio/mmap lifecycle and integer safety paths (Correctness / other)
  • #776 — Fix trailer vlmetalayer parsing and NULL-check missing allocation (Crash / DoS)
  • #778 — Fix divide-by-zero in b2nd update_shape (Correctness / other)

c-ares/c-ares

  • #1097 — Replace atoi-based port parsing with validated helper (Correctness / other)
  • #1134 — validate RR counts before preallocation to reject malformed packets early (Input validation / parsing)
  • #1138 — Defer TCP connection error handling until DNS responses are parsed (Correctness / other)

DestinyItemManager/DIM

  • #11715 — Include item name in warning about bad wishlist hashes (Correctness / other)

dloebl/cgif

  • #82 — Handle malloc allocation failures in LZW_GenerateStream (Correctness / other)

duckdb/duckdb

  • #22885 — Fix out-of-bounds write in decode ignore mode (Memory safety)

ermig1979/Simd

  • #350 — Fix integer overflow in JPEG dimension sanity check (Integer / arithmetic)
  • #352 — fix OOB write in JPEG DHT parsing when sizes sum > 256 (Memory safety)
  • #353 — fix uint32 wrap in JpegToRgba output buffer sizing (Correctness / other)
  • #354 — fix OOB write in png ReadTransparency for palette tRNS (Memory safety)
  • #355 — use gray converters for 8-bit bmp in SetConverters (Correctness / other)

formatjs/formatjs

  • #6524 — Add OSS-Fuzz fuzz targets under fuzz (Fuzzing / OSS-Fuzz)

gavinhoward/bc

  • #96 — handle early EOF correctly to avoid infinite loop in fixed-size read (Crash / DoS)

google/flatbuffers

  • #8982 — Add bounds check for root offset in AddFlatBuffer (Input validation / parsing)

google/oss-fuzz

  • #15020 — Add yyjson to OSS-Fuzz (Fuzzing / OSS-Fuzz)
  • #15468 — postcss: initial integration (Correctness / other)

google/osv-scalibr

  • #2032 — PRP: Add extractor for GitHub Actions workflow dependencies (Correctness / other)

ibireme/yyjson

  • #268 — Reject len == SIZE_MAX in unsafe_yyjson_mut_str_alc (Integer / arithmetic)
  • #270 — cap count in yyjson_mut_obj_with_str/_with_kv (Correctness / other)
  • #271 — fix idx+len overflow in yyjson_mut_arr_remove_range (Integer / arithmetic)

ImageMagick/ImageMagick

  • #8750 — reject farbfeld files with zero columns or rows (Input validation / parsing)
  • #8754 — reject cineon files with zero columns or rows (Input validation / parsing)
  • #8756 — reject tga files with zero columns or rows (Input validation / parsing)
  • #8758 — reject mtv files with zero columns or rows (Input validation / parsing)
  • #8760 — reject fits files with an invalid bits per pixel (Input validation / parsing)
  • #8761 — reject sgi files with zero columns or rows (Input validation / parsing)
  • #8762 — reject dds files with zero columns or rows (Input validation / parsing)

jquery/jquery

  • #5830 — Selector: Optimize jQuery.uniqueSort duplicate removal (Correctness / other)

kjd/idna

  • #230 — Add early length validation in check_label (Input validation / parsing)

lballabio/QuantLib

  • #2597 — Fix out-of-bounds write in FastFourierTransform constructor for order=0 (Memory safety)
  • #2603 — Fix out-of-bounds read in Akima cubic interpolation with 3 points (Memory safety)
  • #2604 — Fix out-of-bounds read in discrete integrals on degenerate grids (Memory safety)

libjxl/libjxl

  • #4554 — Fix unsigned underflow in box content decoder pointer adjustment (Integer / arithmetic)
  • #4629 — tools: add overflow and allocation checks in PAM decoder (Integer / arithmetic)
  • #4631 — fix: heap buffer underflow in jpegli horizontal chroma upsampling (Memory safety)
  • #4643 — Fix OOB read in DequantDC with subsampled chroma and DC context map (Memory safety)
  • #4646 — Fix heap buffer overflow in UpsamplingStage temp buffer allocation (Memory safety)
  • #4676 — Add overflow guard in GetMinSize buffer size calculation (Integer / arithmetic)
  • #4707 — check allocation failure before memcpy in ICC compression path (Correctness / other)
  • #4773 — Fix GIF palette OOB read and PNM size overflow checks (Memory safety)
  • #4774 — validate dimensions and guard size arithmetic (Integer / arithmetic)
  • #4775 — Harden EXR window validation and allocation arithmetic (Input validation / parsing)
  • #4778 — Fix off-by-one heap OOB read in GIF palette index check (Memory safety)
  • #4788 — Fix heap OOB read in DetectIccProfile for short APP2 markers (Memory safety)
  • #4795 — Reject too-small ICC APP markers in SetJPEGDataFromICC (Input validation / parsing)
  • #4797 — validate marker bounds before access in Exif/XMP and ICC handling (Input validation / parsing)
  • #4799 — Fix heap OOB read/write in extras::AlphaBlend gray+alpha path (Memory safety)
  • #4800 — Reject oversized gain map payloads before narrowing to uint32_t (Integer / arithmetic)
  • #4808 — Fix silent LZ77 length overflow handling in ANSSymbolReader (Integer / arithmetic)

lsh123/xmlsec

  • #1164 — Free node list when xmlListInsert fails in Relationship transform (Correctness / other)
  • #1165 — Fix memory leak in xmlSecTransformRsaOaepParamsRead on duplicate child nodes (Leak)
  • #1168 — Free DerivedKeyName/MasterKeyName when master key lookup fails (Correctness / other)
  • #1169 — fix double-free in xmlSecKeyDataBinaryValueXmlRead (Memory safety)
  • #1170 — Read EC PublicKey base64 from child node, not parent (Correctness / other)
  • #1171 — free docIn/docOut on output close error in xmlSecXslProcess (Correctness / other)
  • #1172 — Fix double-free in xmlSecKeyUseWithDuplicate on copy failure (Memory safety)
  • #1173 — decrement RetrievalMethod/KeyInfoReference level on all return paths (Correctness / other)
  • #1174 — fix cert leak in xmlSecNssX509StoreRemoveRevokedCerts (Leak)
  • #1175 — use constant-time compare in xmlSecTransformHmacVerify (Correctness / other)
  • #1176 — adopt duplicated cert in xmlSecMSCngKeysStoreSetKeyValueFromCert (Correctness / other)
  • #1177 — cast to unsigned char before isspace in xmlSecGetNodeContentAsSize (Correctness / other)

MariaDB/server

  • #4889 — MDEV-39274: Document invariant ensuring passwd stays within packet bounds (Correctness / other)

nih-at/libzip

  • #520 — Validate PKWARE compressed size before header subtraction (Input validation / parsing)

nyx-space/anise

  • #687 — avoid panic when opening FK files in convert-fk (propagate IO error) (Crash / DoS)
  • #688 — Avoid panic on truncated input by using bounds-checked slice in CLI (Input validation / parsing)
  • #715 — Prevent panic on malformed embedded dataset lengths (Input validation / parsing)

onekey-sec/unblob

  • #1522 — reject qnx_deflate block offsets smaller than the header (Input validation / parsing)

open-mpi/hwloc

  • #777 — xml/diff: free partial diff list when import fails (Correctness / other)
  • #778 — xml/nolibxml: reject zero or negative input buffer length (Input validation / parsing)
  • #781 — xml: free imported object leaked on invalid child tag (Input validation / parsing)
  • #782 — xml: reject distances2 nbobjs whose square overflows unsigned (Input validation / parsing)
  • #783 — xml: reject imported object missing complete_cpuset/nodeset (Input validation / parsing)
  • #784 — synthetic: reject description whose total object count overflows (Input validation / parsing)

postcss/postcss

  • #2088 — Add OSS-Fuzz fuzzing harness under test/fuzzing/ (Fuzzing / OSS-Fuzz)

simdjson/simdjson

  • #2651 — correct inverted clamp in set_max_capacity (Correctness / other)
  • #2659 — parser.load(string_view) does not respect view length when opening files (Input validation / parsing)
  • #2680 — Fix undefined behavior in document_stream parsing (Correctness / other)
  • #2699 — Align source() output for comma-delimited streams with json_sequence behavior (Correctness / other)
  • #2713 — JSON Pointer array index overflow handling (Integer / arithmetic)

simdutf/simdutf

  • #976 — icelake: use unsigned shift base in utf16_to_latin1 tail mask (Correctness / other)
  • #977 — icelake: use unsigned shift base in latin1_to_utf16 tail mask (Correctness / other)
  • #978 — fix doubled length in binary_length_from_base64 for char16 input (Input validation / parsing)

snapview/tungstenite-rs

  • #545 — check frame length against max_size before narrowing to usize (Integer / arithmetic)

Taywee/args

  • #135 — Reject negative input and partial parsing for unsigned argument types (Input validation / parsing)
  • #136 — Fix numeric parsing in CompletionFlag to reject invalid values (Input validation / parsing)
  • #138 — Harden numeric argument parsing with validation and overflow checks (Integer / arithmetic)
  • #142 — Fix unsigned integer underflow in help formatting (Integer / arithmetic)
  • #150 — Validate argv/argc in ParseCLI to prevent UB (Input validation / parsing)
  • #151 — Fix undefined behavior in map-backed parsers on reader failure (Correctness / other)
  • #152 — enforce completion index validation in ARGS_NOEXCEPT mode (Input validation / parsing)
  • #153 — Avoid unsafe vector construction in argument completion (Correctness / other)
  • #155 — Harden noexcept parsing against post-failure state mutation (Correctness / other)
  • #156 — Improve parsing safety and prevent arithmetic overflow (Integer / arithmetic)
  • #157 — Fix bash completion offset when LongSeparator is multi-character (Correctness / other)
  • #158 — Fix noexcept duplicate Single-flag state mutation (Correctness / other)
  • #159 — Preserve ParseValue errors in ARGS_NOEXCEPT mode (Correctness / other)
  • #160 — integer overflow hardening in input-derived arithmetic (Integer / arithmetic)
  • #161 — Use checked arithmetic for Join() reserve size calculation (Correctness / other)
  • #162 — Reject whitespace-only input in numeric value parsing (Input validation / parsing)
  • #163 — Fix integer overflow and underflow bugs in arithmetic helper functions (Integer / arithmetic)
  • #164 — Restore existing integer parsing semantics in the C++17 from_chars path (Correctness / other)
  • #165 — Refactor completion cword parsing to use checked integer parsing (Correctness / other)
  • #166 — Fix ARGS_NOEXCEPT iterator OOB and dangling iterator bugs (Memory safety)
  • #167 — Replace unsafe numeric parsing with std::from_chars + hardening (Correctness / other)
  • #168 — Stop positional parsing after parse errors in ARGS_NOEXCEPT mode (Correctness / other)
  • #169 — Avoid relying on peek()-after-failbit semantics in ParseNumericValue (Correctness / other)
  • #170 — Make numeric parsing locale-independent (Correctness / other)
  • #171 — Systematic memory safety hardening (Correctness / other)
  • #172 — Fix iterator UB in ARGS_NOEXCEPT completion parsing (Correctness / other)
  • #174 — Align ARGS_NOEXCEPT completion behavior with throwing mode (Correctness / other)
  • #175 — incorrect Nargs validation error message (Input validation / parsing)

typst/typst

  • #8352 — Fix overflow on i64::MIN in calc.abs, gcd, and lcm (Integer / arithmetic)

web2py/web2py

  • #2555 — Fix path traversal in PDF image resolution for generic views (Correctness / other)
  • #2557 — Fix host-header based trust bypass in appadmin local access control (Correctness / other)
  • #2558 — Fix fail-open behavior by rejecting oversized Authorization tokens (Correctness / other)
  • #2560 — Enforce path boundary validation in admin file operations (Input validation / parsing)
  • #2562 — Harden ticket deserialization by replacing unsafe pickle usage (Correctness / other)
  • #2567 — Apply safe deserialization to globals and utils (follow-up to #2562) (Correctness / other)
  • #2568 — Avoid shell-based subprocess invocation in GAE deploy (Correctness / other)
  • #2569 — Fix unsafe eval in appadmin (Correctness / other)
  • #2570 — Fix compatibility issues in safe_unpickle session handling (Correctness / other)
  • #2571 — Replace eval() with safe parsing in language loading and FPDF template handling (Correctness / other)
  • #2572 — Restrict eval builtins in smartdictform to reduce code execution risk (Correctness / other)
  • #2576 — Add optional CSP nonce support for scripts and styles (Correctness / other)
  • #2578 — Fix directory traversal in admin unzip (Correctness / other)
  • #2579 — Remove unsafe eval() usage in controller test runner (Correctness / other)
  • #2580 — Fix XSS bypass in Markmin URL sanitizer via HTML5 whitespace handling (Fuzzing / OSS-Fuzz)
  • #2581 — Add safe JSON encoder for script contexts to prevent XSS (Correctness / other)
  • #2583 — Fix unsafe JavaScript interpolation in FORM redirect helper (Correctness / other)
  • #2584 — Harden CSP policy parsing and directive token validation (Input validation / parsing)
  • #2586 — Secure appadmin expression evaluation with AST validation (Input validation / parsing)
  • #2587 — Harden Content-Disposition filename handling in attachment responses (Correctness / other)
  • #2588 — Use secrets module for secure password generation (Correctness / other)
  • #2589 — Remove unsafe eval from scheduler callable resolution (Correctness / other)
  • #2590 — Escape meta names in Response.include_meta (Correctness / other)
  • #2591 — Validate CAS service URLs before ticket issuance and validation (Input validation / parsing)
  • #2592 — Reject invalid HTTP ranges before generating 206 responses (Input validation / parsing)
  • #2594 — Harden tar extraction path validation during unpacking (Input validation / parsing)
  • #2595 — sibling-prefix boundary validation in static file routing (Input validation / parsing)
  • #2596 — selected-directory boundaries in admin file manager writes (Correctness / other)
  • #2597 — Avoid mutating JSON-RPC 2 procedure registry during dispatch (Correctness / other)
  • #2598 — Prevent sibling-prefix traversal in static file routing (Correctness / other)
  • #2599 — Fix XSS attribute breakout in sanitizer (Fuzzing / OSS-Fuzz)
  • #2600 — Use safe_load() for YAML deserialization in loads_yaml (Correctness / other)
  • #2601 — Fix Form CSRF bypass caused by None formkey comparison (Correctness / other)
  • #2602 — Escape include file URLs before HTML attribute rendering (Correctness / other)
  • #2603 — Prevent Host header poisoning in Auth-generated email links (Correctness / other)
  • #2607 — Harden SQLFORM.grid export Content-Disposition filenames (Correctness / other)

zeek/zeek

  • #5478 — netbios: fix out-of-bounds read in NetbiosSSN_Interpreter::ConvertName (Memory safety)
  • #5480 — netbios: fix out-of-bounds read in NetbiosSSN_Interpreter::ParseBroadcast (Memory safety)
  • #5482 — login: fix out-of-bounds read in TelnetEnvironmentOption::ExtractEnv (Memory safety)
  • #5483 — bittorrent: fix out-of-bounds read in ResponseBenc peers parser (Memory safety)

zyantific/zydis

  • #606 — FormatterBuffer: reject GetToken on non-token-list buffers (Input validation / parsing)
  • #607 — String: avoid double-append in ZydisStringAppendDecU on 32-bit hosts (Correctness / other)
  • #608 — Decoder: copy offset/size from the matching raw immediate (Correctness / other)
  • #610 — FormatterATT: propagate status from mnemonic size suffix append (Correctness / other)
  • #612 — Formatter: handle FAR/ABSOLUTE in print_branch_size switch (Correctness / other)
  • #613 — Decoder: handle R21/R21D in SIB no-base special case (Correctness / other)

About Digiscrypt Technologies

Digiscrypt Technologies is a software engineering team specializing in the low-level, high-risk code where small bugs become real vulnerabilities. We are seeking support to continue and scale this work — systematic fuzzing, sustained hardening of security-sensitive code paths, and faster remediation of the vulnerabilities we uncover.

🌐 digiscrypt.com  ·  ✉️ info@digiscrypt.com

Generated from public GitHub data on 2026-05-27. Every contribution above is independently verifiable via its linked pull request.

About

Open-source security & memory-safety contributions by Digiscrypt Technologies — 260 merged fixes across 45 projects, every PR independently verifiable.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors