awesome-repositories.com
Blog
awesome-repositories.com

Découvrez les meilleurs dépôts open-source grâce à notre recherche par IA.

ExplorerRecherches sélectionnéesAlternatives open sourceLogiciels auto-hébergésBlogPlan du site
ProjetÀ proposNotre méthodologiePresseServeur MCP
Mentions légalesConfidentialitéConditions d'utilisation
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

7 dépôts

Awesome GitHub RepositoriesDeserialization Security

Guidelines and patterns for safely handling serialized data to prevent arbitrary code execution.

Distinguishing note: Focuses specifically on deserialization vulnerabilities rather than general input sanitization.

Explore 7 awesome GitHub repositories matching security & cryptography · Deserialization Security. Refine with filters or upvote what's useful.

Awesome Deserialization Security GitHub Repositories

Trouvez les meilleurs dépôts grâce à l'IA.Nous recherchons les dépôts les plus pertinents grâce à l'IA.
  • owasp/cheatsheetseriesAvatar de OWASP

    OWASP/CheatSheetSeries

    32,298Voir sur GitHub↗

    The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral

    Validates serialized data before processing to prevent arbitrary code execution.

    Pythonapplication-securityappsecbest-practices
    Voir sur GitHub↗32,298
  • langchain-ai/deepagentsAvatar de langchain-ai

    langchain-ai/deepagents

    25,006Voir sur GitHub↗

    Deepagents is an LLM agent orchestration platform and stateful application server designed for deploying and managing AI agents built with computational graphs. It provides a containerized runtime environment that handles agent execution, state persistence, and the versioning of AI assistants. The platform distinguishes itself through deep integration with the Model Context Protocol, allowing agents to function as servers that expose tools and capabilities to external clients. It features a sophisticated observability suite for capturing execution traces, performing LLM-based evaluations agai

    Defines allow-lists for custom Python modules to securely deserialize checkpoint payloads.

    Pythonagentsdeepagentslangchain
    Voir sur GitHub↗25,006
  • crytic/slitherAvatar de crytic

    crytic/slither

    6,141Voir sur GitHub↗

    Exploits Ruby Marshal deserialization vulnerabilities by bypassing patches through repeated research.

    Pythonethereumsoliditystatic-analysis
    Voir sur GitHub↗6,141
  • zhuifengshaonianhanlu/pikachuAvatar de zhuifengshaonianhanlu

    zhuifengshaonianhanlu/pikachu

    4,421Voir sur GitHub↗

    Pikachu is a web security training platform and vulnerable web application sandbox. It provides a containerized lab environment designed for practicing penetration testing and identifying common security flaws. The project serves as an OWASP Top 10 practice lab, offering a simulation suite for critical risks. It includes specific scenarios for practicing the exploitation of SQL injection, cross-site scripting, remote code execution, and broken access control. The environment covers a broad range of security testing simulations, including directory traversal, server-side request forgery, unsa

    Includes a simulation for practicing unsafe deserialization and object injection.

    PHPweb
    Voir sur GitHub↗4,421
  • alipay/furyAvatar de alipay

    alipay/fury

    4,412Voir sur GitHub↗

    Fury est un framework de sérialisation binaire multi-langage conçu pour encoder des objets de domaine et des graphes complexes afin de faciliter l'échange de données entre langages. Il inclut un compilateur de langage de définition d'interface (IDL) qui traduit les définitions de schéma en types natifs idiomatiques et en code de sérialisation répétitif à travers plusieurs langages. Le projet se distingue par un lecteur binaire zero-copy qui permet d'accéder à des champs spécifiques sans désérialiser l'objet entier, ainsi qu'un sérialiseur de graphe d'objets qui préserve les références circulaires et l'intégrité référentielle. Il dispose également d'un convertisseur de données qui transforme les données binaires basées sur des lignes en formats Apache Arrow colonnaires pour les charges de travail analytiques. Le framework couvre de vastes domaines de capacités, incluant l'évolution de schéma pilotée par métadonnées pour la compatibilité ascendante et descendante, un processus de compilation AOT au moment du build pour éliminer la réflexion à l'exécution, et une désérialisation sécurisée via une validation de type basée sur liste blanche. Il fournit en outre une intégration pour des appels de procédure à distance haute performance via gRPC.

    Controls class instantiation during decoding through explicit registration and configurable security policies.

    Java
    Voir sur GitHub↗4,412
  • apache/foryAvatar de apache

    apache/fory

    4,234Voir sur GitHub↗

    Fory is a cross-language serialization framework and binary data serializer designed to convert complex object graphs into a compact binary format for high-performance data exchange. It includes an IDL-based schema compiler to transform interface definition language files into type-safe native data models and a schema evolution manager to maintain forward and backward compatibility. The project features a zero-copy data access layer that allows reading specific fields from binary rows without deserializing the entire object. It supports dual-mode serialization, enabling a toggle between a por

    Protects against unauthorized type instantiation and recursive object attacks through whitelists and depth limiting.

    Javacompressioncppcross-language
    Voir sur GitHub↗4,234
  • bearer/bearerAvatar de Bearer

    Bearer/bearer

    2,566Voir sur GitHub↗

    Bearer is a static analysis security testing tool and privacy compliance auditor. It identifies security vulnerabilities, hard-coded secrets, and privacy risks in source code through static analysis and data flow tracing. The tool distinguishes itself by tracking the movement of sensitive data through code to identify leaks and by mapping personal and health-related information flows to generate evidence for privacy impact assessments. It also provides differential scanning for pull requests and uses fingerprint-based suppression to exclude known false positives from reports. The platform co

    Finds untrusted user input in deserialization methods that could lead to remote code execution.

    Goappseccode-qualitycompliance
    Voir sur GitHub↗2,566
  1. Home
  2. Security & Cryptography
  3. Deserialization Security

Explorer les sous-tags

  • Vulnerability SimulationsIntentional security flaws integrated into software for training and testing purposes. **Distinct from Deserialization Security:** Focuses on the simulation of the flaw for education rather than guidelines for prevention.