This repository contains reports and proof-of-concepts (PoCs) for a selection of vulnerabilities I have discovered and that have been assigned a CVE identifier. The main goal is to improve reproducibility and enable the ethical study of the vulnerabilities I discovered.
Disclaimer
- This repository is not guaranteed to contain all information about the vulnerabilities listed, nor does it cover all vulnerabilities found by me and tracked. The selection and level of detail are based on my personal judgment.
- I currently do not include vulnerabilities that are not publicly tracked by a CVE ID.
- Depending on the case, I may provide full, partial, or no PoC material. Decisions are based on:
  - Whether the vulnerability has been fixed.
  - The impact/severity of the issue.
  - The age of the vulnerability (i.e., whether unpatched exposure is still a significant risk).
In general, when I see no ethical issue and strong reproducibility value, I aim to provide:
- Complete PoCs.
- Supplementary resources (e.g., Docker setups with fixed versions).
- Any material useful for reproducibility and study.
All public disclosures are coordinated with maintainers whenever possible and are clearly detailed in each report.
The repository is organized as follows:
- Reports → Each vulnerability report is published as a GitHub Issue.
- PoCs → Each PoC, when shared, lives in a dedicated folder whose name is the CVE ID.
The corresponding PoC is always linked in the related GitHub Issue.
- Use this repository responsibly.
- Information here is intended for educational and research purposes, or any other ethical use.
- Running PoCs against systems you do not own or have explicit permission to test is always illegal and unethical.
If you need more information about a PoC, access to data I chose not to publish here, or clarification on a report, you can reach me at: gabriele.digregorio[at]polimi.it.
When contacting me, please:
- Specify the reason for your request.
- Especially if you ask about non-public information, provide enough context so I can properly and ethically evaluate your request.
You are free to reuse my work for ethical purposes. Credits are always appreciated.