56 مستودعات
Platforms for reporting and investigating security vulnerabilities.
Distinguishing note: Focuses on vulnerability disclosure workflows rather than general bug tracking.
Explore 56 awesome GitHub repositories matching security & cryptography · Security Vulnerability Reporting. Refine with filters or upvote what's useful.
Context7 is an AI-powered documentation retrieval engine designed to provide developers and AI agents with real-time, context-aware access to technical documentation and code snippets. By integrating external library documentation as callable tools, the platform equips AI coding assistants with project-specific knowledge, helping to improve generation accuracy and reduce hallucinations during inference. The platform distinguishes itself through a robust security and governance framework that manages documentation as a centralized knowledge base. It employs a multi-source ingestion pipeline to
Reports vulnerabilities through a designated platform by providing detailed reproduction steps.
Charts is a mobile data visualization library designed for rendering interactive graphical representations of complex datasets. It provides a declarative configuration interface that maps data structures to visual components, supporting a variety of chart types including line, bar, pie, scatter, and radar plots. The library distinguishes itself through a hardware-accelerated drawing layer that ensures high-performance rendering across mobile platforms. It features a gesture-driven transformation engine that enables users to pan, zoom, and scale views, alongside an interpolated animation syste
Maintains active security support to ensure ongoing stability and vulnerability patching.
Forem is an open-source platform designed for building and managing technical communities. It functions as a social publishing engine that enables members to share long-form content, participate in threaded discussions, and engage through social interactions. The platform provides tools for organizations to maintain branded profiles, host community hackathons, and facilitate collaborative learning through structured educational tracks. Beyond its social features, Forem integrates advanced capabilities for AI agent workflow orchestration and codebase knowledge graphing. It allows developers to
Provides a dedicated channel for security researchers to disclose platform vulnerabilities.
Pentagi is an autonomous security testing framework and agent orchestrator designed to plan and execute end-to-end security assessments. It utilizes a coordination engine to decompose complex goals into actionable subtasks, performing automated penetration testing and vulnerability research within isolated container environments. The system distinguishes itself through a temporal knowledge graph that tracks semantic relationships between entities and vulnerabilities to reuse intelligence across projects. It includes a web intelligence reconnaissance tool for automated data gathering and agent
Generates detailed vulnerability reports and exploitation guides based on autonomous assessment findings.
Reddit is a social news aggregator designed for hosting community-driven discussions and content sharing through threaded conversations and user-submitted links. It functions as a platform for managing large volumes of user-generated content, providing a structured interface for programmatic access to site data and core application functionality. The platform utilizes a REST API to expose site data and user interactions to external clients. To maintain performance across large datasets, it employs an external full-text search engine that offloads indexing and query processing from the primary
Provides a private communication channel for researchers to submit discovered security vulnerabilities.
ConvertX is a web-based file conversion management platform designed to transform documents, images, and video files between various formats. It utilizes system-level binary orchestration to execute conversion tasks, leveraging background worker threads to handle concurrent, high-volume bulk processing without blocking the user interface. The platform distinguishes itself through a comprehensive security and access control framework, which includes multi-user account management, session-based token authentication, and role-based permissions. Users can secure their output files with passwords
Provides a dedicated channel for users to report security concerns to project maintainers.
Katana is a web crawler and spider designed for security reconnaissance and web application mapping. It functions as a utility for identifying endpoints, forms, and API structures across web targets by combining standard HTTP request traversal with headless browser automation to render dynamic, JavaScript-heavy content. The tool distinguishes itself through its ability to maintain authenticated sessions and handle complex web interactions, such as automated form submission and captcha resolution. It provides granular control over the discovery process, allowing users to define specific crawl
Submits sensitive security findings through a private communication channel to ensure responsible disclosure.
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
Monitors security advisories and vulnerability reports to ensure timely patching of the system.
PeerTube is a decentralized, open-source video hosting platform that enables users to operate independent, interoperable servers. By utilizing the ActivityPub protocol, it connects these servers into a global, federated network where users can follow channels, discover content, and interact across different instances. The platform is designed to function as a self-hosted video content management system, providing a community-driven alternative to centralized media services. What distinguishes PeerTube is its hybrid approach to content delivery and infrastructure management. It integrates peer
Provides tools to review, accept, or reject user-submitted reports regarding inappropriate videos.
Scalar is a platform for building and managing API specifications, focusing on OpenAPI and AsyncAPI standards. It provides tools to generate interactive API references with embedded testing interfaces, create mock servers for pre-implementation testing, and build offline-first API clients that sync with backend frameworks. The platform also supports version upgrades of specifications to maintain compatibility and includes command-line utilities for local development and document management. The project distinguishes itself through automated release workflows that generate changelogs and publi
Manages security vulnerability reporting via email with triage, updates, and disclosure credits.
Gitingest is a Git repository analysis and conversion service that transforms code repositories into structured plain-text summaries optimized for large language model consumption. It provides HTTP API endpoints and Python functions to integrate repository processing into AI pipelines and applications, with S3-compatible storage for persisting and retrieving generated digests. The service is packaged as a Docker container with all dependencies bundled for consistent deployment across environments. The project distinguishes itself through asynchronous processing of multiple repositories concur
Enables users to privately report security vulnerabilities so maintainers can fix them without public disclosure.
Subfinder is a security reconnaissance framework designed for subdomain enumeration and attack surface management. It functions as a discovery engine that identifies and maps internet-exposed infrastructure, cloud-hosted assets, and network ranges to maintain a comprehensive inventory of an organization's digital footprint. The project distinguishes itself through a modular, template-driven scanning engine that executes security checks against discovered assets. It leverages cloud-native asset discovery to query provider APIs and infrastructure metadata, while supporting distributed agent orc
Exports detailed vulnerability data for external analysis and reporting.
Grype is a command-line security scanner designed to identify known vulnerabilities within container images, filesystems, and software manifests. It functions as a software composition analysis tool that detects security flaws in application components and open-source libraries to support supply chain security. The tool distinguishes itself by reconstructing the final state of container images through layered filesystem inspection and normalizing diverse package formats into a unified dependency graph. It maintains a local cache of security advisories synchronized from multiple upstream sourc
Generates detailed reports on identified security flaws to help teams track, prioritize, and remediate risks across software infrastructure.
OSS-Fuzz is a distributed, containerized platform for continuous fuzzing and memory safety analysis. It functions as a bug hunting infrastructure that identifies security vulnerabilities and stability bugs through automated, coverage-guided fuzz testing across a scalable cluster of containers. The system provides a continuous security testing pipeline that manages the entire lifecycle of vulnerability discovery, from bootstrapping project templates and compiling targets to executing long-running batch tests. It specifically focuses on memory safety, utilizing sanitizers to detect buffer overf
Provides tools for reproducing and investigating security vulnerabilities through crash analysis and code coverage.
This project is a Vim plugin that functions as an AI-powered coding assistant. It integrates large language models directly into the text editor to provide real-time code suggestions and function completions based on the current file context and cursor position. The plugin distinguishes itself by utilizing an asynchronous event loop to maintain editor responsiveness while communicating with remote models. It employs a virtual buffer overlay to display generated code suggestions, allowing users to preview and accept proposed changes without modifying the underlying file until explicitly confir
Facilitates the submission of identified security flaws through dedicated reporting channels.
Anki-Android is an open-source education application designed for long-term memory retention through the use of spaced repetition. The platform enables users to create, manage, and study multimedia flashcards that support text, images, audio, and mathematical notation. It provides a structured environment for learning by scheduling review intervals based on an optimized algorithm that prioritizes content according to individual performance. The application distinguishes itself through its cross-platform synchronization capabilities, allowing users to maintain consistent study collections and
Maintains a secure channel for responsible disclosure and reporting of potential security vulnerabilities.
Nikto is an open-source HTTP security auditing tool and web server vulnerability scanner. It functions as a reconnaissance engine designed to identify insecure server options, outdated software, and common vulnerabilities by analyzing HTTP responses. The project differentiates itself through capabilities for intrusion detection evasion and web server fingerprinting. It uses request-level encoding and timing spacers to bypass security filters and employs signature-based identification to determine specific server software versions and misconfigurations. The scanner covers broad capability are
Generates and exports security findings into multiple formats for integration into vulnerability management databases.
Intel One Mono is a monospaced font development project focused on creating high-legibility typefaces designed to reduce eyestrain and minimize errors for developers and low-vision users. It provides a system for developing and compiling custom monospaced fonts from source files for use across different operating systems and web platforms. The project implements advanced typographic capabilities, including programming ligatures to improve the readability of operators and specialized numeral formats for superscripts and subscripts. It ensures consistent text display across more than 200 langua
Provides a structured process for notifying maintainers of security vulnerabilities and receiving mitigation guidance.
This project is a software engineering style guide and a curated collection of architectural patterns and coding standards. It provides a multi-language coding standard to ensure maintainable software across Ruby, Python, JavaScript, and Swift. The project establishes a development workflow specification for version control, continuous integration, and peer review to maintain a linear project history. It also includes a web accessibility framework based on ARIA and WCAG standards, using design tokens and semantic HTML patterns to build inclusive interfaces. The guides cover a broad range of
Provides a structured process for receiving, confirming, and logging security vulnerability reports.
This project is a curated directory and catalog of privacy-respecting software and security-focused services. It serves as a structured resource for finding alternatives to corporate services, focusing on tools that prioritize data sovereignty, end-to-end encryption, and user anonymity. The directory is maintained as a markdown-based resource list and rendered via a static site generator. It further extends its utility through a CORS-enabled public API and a JSON-based data schema, allowing the curated catalog of tools and providers to be retrieved programmatically. The collection covers a w
Enriches software listings by linking to external security vulnerability records and privacy scores.