Vulnerabilities
Keeping Internet users safe is more than just making sure Google's products are secure. Google engineers also contribute to improving the security of non-Google software that our products and users rely on.
Provided below is a list of software vulnerabilities discovered or fixed by Googlers, along with presentations we've given at industry security conferences. You can also find publications about security, cryptography, and privacy work in Google's main research portal.
| Googler | Product | Date | Reference | Description | More info |
|---|---|---|---|---|---|
| Oliver Chang, Abhishek Arya, Kostya Serebryany, and Josh Armour | Various open source | 5/8/2017 | Various | 200+ vulns | https://github.com/google/oss-fuzz |
| Sven Blumenstein, Xiaoran Wang | Veritas NetBackup Server and Client <=8.0, Veritas NetBackup Appliance <=3.0 | 5/7/2017 | CVE-2017-8856 CVE-2017-8857 CVE-2017-8858 | Unauthenticated privileged RCE | http://seclists.org/fulldisclosure/2017/May/27 |
| Andrey Konovalov | Linux Kernel | 3/29/2017 | CVE-2017-7308 | privilege escalation | Found with KASAN and Syzkaller |
| David Wearing | Axis Cameras | 3/18/2017 | Arbritary File Write, CSRF, XSS | http://seclists.org/fulldisclosure/2017/Mar/41 | |
| Sven Blumenstein, Xiaoran Wang, Andrew Griffiths | Veritas NetBackup Server and Client 6.x, 7.x, 8.x, Veritas NetBackup Appliance 2.x | 2/28/2017 | CVE-2017-6407 CVE-2017-6400 CVE-2017-6402 CVE-2017-6399 CVE-2017-6406 CVE-2017-6401 CVE-2017-6405 CVE-2017-6408 CVE-2017-6404 CVE-2017-6403 CVE-2017-6409 | Unauthenticated privileged RCE, auth. bypass, Priv. Esc | http://seclists.org/fulldisclosure/2017/Feb/101 |
| Jason Geffner and Jan Bee | ESET Endpoint Antivirus | 2/27/2017 | CVE-2016-9892 | Remote Code Execution as Root | http://seclists.org/fulldisclosure/2017/Feb/68 |
| Andrey Konovalov | Linux Kernel | 2/16/2017 | CVE-2017-6074 | privilege escalation | Found with KASAN and Syzkaller |
| Andrey Konovalov | Linux Kernel | 12/2/2016 | CVE-2016-9793 | privilege escalation | Found with KASAN and Syzkaller |
| Robert Swiecki | OpenSSL | 11/10/2016 | CVE-2016-7054 | Memory corruption | |
| Kuang-che Wu | w3m | 11/3/2016 | CVE-2016-9621 up to CVE-2016-9633 | Memory corruption | |
| Kuang-che Wu | w3m | 11/3/2016 | CVE-2016-9422 up to CVE-2016-9443 | Memory corruption | |
| Oliver Chang | NVIDIA Windows driver | 10/28/2016 | CVE-2016-8805, CVE-2016-8806, CVE-2016-8807, CVE-2016-8808, CVE-2016-8809, CVE-2016-8810, CVE-2016-8811, CVE-2016-8812, CVE-2016-7391, CVE-2016-7387, CVE-2016-7385, CVE-2016-7390, CVE-2016-7384, and CVE-2016-7386 | Memory corruption | |
| Sven Blumenstein | Oracle Agile PLM | 10/1/2016 | CVE-2015-7501 CVE-2016-5523 CVE-2015-3253 CVE-2016-5514 CVE-2016-5515 CVE-2016-0635 CVE-2016-5518 CVE-2016-5526 CVE-2016-5521 CVE-2016-5512 CVE-2016-5527 CVE-2016-5510 CVE-2016-5524 CVE-2016-5513 CVE-2016-5522 CVE-2016-5504 | Remote Code Execution, Authentication Bypass, XSS, Local File Inclusion, Arbritary File Write, Arbritary File Delete | http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html |
| Robert Swiecki | OpenSSL | 9/26/2016 | CVE-2016-6309 | Memory corruption / Remote Code Execution | |
| David Tomaschik | ObiHai ObiPhone | 8/18/2016 | Memory corruption, CSRF, Cmd Injection | ||
| Sven Blumenstein | Oracle Agile PLM | 7/1/2016 | CVE-2016-3468 CVE-2016-3556 CVE-2016-3554 CVE-2016-3526 CVE-2016-3561 CVE-2016-3538 CVE-2016-3539 CVE-2016-3530 CVE-2016-3537 CVE-2016-3557 CVE-2016-3519 CVE-2016-3555 CVE-2016-2107 CVE-2016-3529 CVE-2016-3509 CVE-2016-3553 CVE-2016-3560 CVE-2016-3517 CVE-2016-3507 CVE-2016-3531 CVE-2016-5473 | Remote Code Execution, Authentication Bypass, XSS, CSRF, Local File Inclusion, Arbritary File Write | http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html |
| Krzysztof Kotowicz and Gábor Molnár | Adobe PDF Reader | 6/18/2016 | Same Origin Policy bypass | ||
| Ian Beer | Apple | 5/16/2016 | CVE-2016-1846, CVE-2016-1823, CVE-2016-1821, CVE-2016-1819, CVE-2016-1813, CVE-2016-1807, CVE-2016-1803, CVE-2016-1794, CVE-2016-1793 | Priv Esc | |
| Sven Blumenstein | Aruba Instant | 5/4/2016 | CVE-2016-2031 | RCE, Auth bypass, Information Disclosure | |
| Sven Blumenstein | Aruba AirWave Management Platform | 5/4/2016 | CVE-2016-2032 | Information Disclosure, Multiple vulnerabilities in PAPI protocol | |
| Sven Blumenstein | ArubaOS | 5/4/2016 | ARUBA-PSA-2016-006 | Multiple vulnerabilities in PAPI protocol | no CVE provided by Aruba |
| David Benjamin, Mark Brand, Ian Beer | OpenSSL | 5/3/2016 | CVE-2016-2108 | Memory corruption | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 5/1/2016 | CVE-2016-2454 | Memory corruption | |
| Thomas Garnier, Kostya Kortchinsky | Hyper-V | 4/4/2016 | CVE-2016-0088, CVE-2016-0089, CVE-2016-0090 | RCE, Information discolsure | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 4/2/2016 | CVE-2016-0834, CVE-2016-0841, CVE-2016-0840, CVE-2016-0839, CVE-2016-0838 | Memory corruption | |
| Ian Beer | Apple | 3/21/2016 | CVE-2016-1741, CVE-2016-1757, CVE-2016-1755, CVE-2016-1749, CVE-2016-1744 | Priv Esc | |
| Martin Barbella, Abhishek Arya | Internet Explorer | 3/8/2016 | CVE-2016-0108, CVE-2016-0111 | Memory corruption | |
| Ian Beer | Google Chrome | 3/2/2016 | CVE-2016-1642 | Sandbox Escape | |
| Emilia Kasper | OpenSSL | 3/1/2016 | CVE-2016-0703, CVE-2016-0704, CVE-2016-0798 | DROWN oracles x2, memory leak | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 3/1/2016 | CVE-2016-0815 | Memory corruption | |
| Robert Swiecki | AMD FX/Opteron CPU firmware | 2/26/2016 | VM-to-Host Privilege Escalation | No CVE | |
| Ian Beer | Apple | 1/19/2016 | CVE-2016-1721, CVE-2016-1720, CVE-2016-1719 | Priv Esc/Sandbox Escape | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 1/1/2016 | CVE-2015-6636 | Memory corruption | |
| Ian Beer | Apple | 12/8/2015 | CVE-2015-7108, CVE-2015-7110, CVE-2015-7078, CVE-2015-7106, CVE-2015-7077, CVE-2015-7112, CVE-2015-7068, CVE-2015-7083, CVE-2015-7084, CVE-2015-7047 | Priv Esc/Sandbox Escape | |
| Jan Bee, Sven Blumenstein, Phil Taylor | Dell iDRAC6/7/8 | 12/2/2015 | CVE-2015-7272 CVE-2015-7273 CVE-2015-7274 | Memory Corruption, XXE, RCE | |
| Google Security Team | Dell iDRAC6/7/8 | 12/2/2015 | CVE-2015-7270 CVE-2015-7271 CVE-2015-7275 | Auth bypass, Format String attack, XSS | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 12/1/2015 | CVE-2015-6616, CVE-2015-6617, CVE-2015-6623, CVE-2015-6626, CVE-2015-6619, CVE-2015-6633, CVE-2015-6634 | Memory corruption | |
| Abhishek Arya, Oliver Chang, Martin Barbella | Android | 11/1/2015 | CVE-2015-6608 | Memory corruption | |
| Ian Beer | Apple | 10/21/2015 | CVE-2015-7019, CVE-2015-6995, CVE-2015-6996 | Priv Esc | |
| Ian Beer | Android | 10/5/2015 | CVE-2015-6604 | RCE | |
| Natalie Silvanovich | Adobe Flash | 9/21/2015 | CVE-2015-5574 | Use-after-free | |
| Chris Evans, Ben Hawkes and Mateusz Jurczyk | Adobe Flash | 9/21/2015 | CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5584 | Memory corruption | |
| James Forshaw | Adobe Flash | 9/21/2015 | CVE-2015-5568 | Implementation error in mitigation | |
| Clement Lecigne | Internet Explorer | 8/18/2015 | CVE-2015-2502 | Memory corruption | |
| Ian Beer | Apple | 8/13/2015 | CVE-2015-5784, CVE-2015-5754, CVE-2015-3796, CVE-2015-3798, CVE-2015-3797 | Priv Esc/RCE | |
| Chris Evans, Ben Hawkes and Mateusz Jurczyk | Adobe Flash | 8/11/2015 | CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548 | Memory corruption | |
| Natalie Silvanovich | Adobe Flash | 8/11/2015 | CVE-2015-5550, CVE-2015-5551, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5558, CVE-2015-5562, CVE-2015-5560, CVE-2015-5564, CVE-2015-5565 | Type confusion, use-after-free | |
| Chris Evans | Adobe Flash | 8/11/2015 | CVE-2015-5549, CVE-2015-5125 | Memory corruption, implementation error in mitigation | |
| Chris Evans | Adobe Flash | 7/8/2015 | CVE-2015-3097, CVE-2015-5118 | Heap overflow, mitigation improvement | |
| Ian Beer | Apple | 6/30/2015 | CVE-2015-3704, CVE-2015-3696, CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, CVE-2015-3712, CVE-2015-3708, CVE-2015-3709, CVE-2015-3721 | Priv Esc/Information Leak | |
| Robert Swiecki, Emilia Kasper, Michal Zalewski | OpenSSL | 6/11/2015 | CVE-2015-1791, CVE-2015-1789, CVE-2015-1790, CVE-2015-4000 | Race condition double free, sigsegv dos x2, Logjam | |
| Kostya Kortchinsky | Suricata | 5/6/2015 | CVE-2015-0971 | Heap overflow | Link |
| Kostya Kortchinsky | hostapd/wpa_supplicant | 5/4/2015 | Link | ||
| James Forshaw | Windows | 4/14/2015 | CVE-2015-1644, CVE-2015-1643 | Sandbox Escape/Priv Esc | MSFT advisory |
| Ian Beer | Apple | 4/8/2015 | CVE-2015-1131, CVE-2015-1132, CVE-2015-1135, CVE-2015-1133, CVE-2015-1134 | Sandbox Escape | Apple Advisory |
| Ivan Fratric | Dulwich | 3/22/2015 | CVE-2015-0838 | Buffer overflow | Advisory |
| Ben Laurie | Apache Xerces-c | 3/20/2015 | CVE-2015-0252. | Buffer overrun | |
| Sean Burford, Michal Zalewski, Emilia Käsper, | OpenSSL | 3/19/2015 | CVE-2015-0293, CVE-2015-0287, CVE-2015-0289 | sigsegv DoS x2, memory corruption | OpenSSL security advisory |
| Jan Bee | Aruba AirWave Management Platform | 3/18/2015 | CVE-2015-2202 | RCE | |
| James Forshaw | Windows | 3/10/2015 | CVE-2015-0078 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 3/10/2015 | CVE-2015-0073 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 3/10/2015 | CVE-2015-0084 | Sandbox Escape/Priv Esc | MSFT advisory |
| Ian Beer | Apple | 3/9/2015 | CVE-2015-1066, CVE-2015-1061 | Sandbox Escape/Priv Esc | Apple Advisory |
| James Forshaw | Windows | 2/23/2015 | CVE-2015-1170 | Sandbox Escape/Priv Esc | NVidia advisory |
| Felix Gröbert | QCMS | 2/11/2015 | Several Memory Corruption Issues | CVE-2015-0811 | |
| Fermin J. Serna | Microsoft Office | 2/10/2015 | CVE-2015-0063 | RCE | MSFT Advisory |
| James Forshaw | Windows | 2/10/2015 | CVE-2015-0010 | Sandbox Escape/Priv Esc | MSFT advisory |
| Clement Lecigne | Internet Explorer | 2/10/2015 | CVE-2015-0071 | Information leak | MSFT advisory |
| James Forshaw | Internet Explorer | 2/10/2015 | CVE-2015-0054, CVE-2015-0055 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 2/10/2015 | CVE-2015-0062 | Sandbox Escape/Priv Esc | MSFT advisory |
| Ian Beer | Adobe Flash | 2/5/2015 | CVE-2015-0324, CVE-2015-0327 | RCE | Adobe Advisory |
| Ian Beer | Apple | 1/27/2015 | CVE-2014-8823, CVE-2014-8817, CVE-2014-4492, CVE-2014-8835, CVE-2014-4486, CVE-2014-8836, CVE-2014-8819, CVE-2014-8821, CVE-2014-8820, CVE-2014-4495 | Sandbox Escape/Priv Esc | Apple Advisory |
| Clement Lecigne | FreeBSD | 1/27/2015 | CVE-2014-8612 | Priv Esc | FreeBSD advisory |
| Felix Gröbert | GRUB | 1/19/2015 | Several Memory Corruption Issues | ||
| Fermin J. Serna and Chris Evans | Adobe Flash | 1/13/2015 | CVE-2015-0308 | RCE | Adobe Advisory |
| James Forshaw | Windows | 1/13/2015 | CVE-2015-0002 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 1/13/2015 | CVE-2015-0004 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 1/13/2015 | CVE-2015-0011 | Sandbox Escape/Priv Esc | MSFT advisory |
| Felix Gröbert | LibreSSL | 1/11/2015 | Several Memory Corruption Issues | ||
| Stephen Röttger, Neel Mehta | ntpd | 12/19/2014 | CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298 | RCE | Link |
| Konrad Kraszewski (intern), Emilia Kasper | OpenSSL | 12/12/2014 | CVE-2014-8275 | Fingerprint modification (low) | OpenSSL security advisory |
| James Forshaw | Adobe Reader | 12/9/2014 | CVE-2014-9150 | Sandbox Escape/Priv Esc | Adobe Advisory |
| Fermin J. Serna, Mateusz Jurczyk and Ben Hawkes | Adobe Flash | 12/9/2014 | CVE-2014-0587 | RCE | Adobe Advisory |
| Robert Swiecki | IDA | 11/19/2014 | Code execution | Link | |
| James Forshaw | Internet Explorer | 11/11/2014 | CVE-2014-6349, CVE-2014-6350 | Sandbox Escape/Priv Esc | MSFT advisory |
| James Forshaw | Windows | 11/11/2014 | CVE-2014-6322 | Sandbox Escape/Priv Esc | MSFT advisory |
| Ian Beer | Adobe Flash | 11/11/2014 | CVE-2014-0590, CVE-2014-0589, CVE-2014-0586, CVE-2014-0585, CVE-2014-0584 | RCE | Adobe Advisory |
| Robert Swiecki | Linux | 11/6/2014 | CVE-2014-7825, CVE-2014-7826 | Privilege Escalation | Link |
| Drew Hintz, Shane Huntley, and Matty Pellegrino | Microsoft OLE | 10/21/2014 | CVE-2014-6352 | Code execution | MSFT advisory |
| Ian Beer | Adobe Flash | 10/14/2014 | CVE-2014-0558 | RCE | Adobe Advisory |
| Bodo Möller, Thai Duong, Krzysztof Kotowicz | SSL 3.0 | 10/14/2014 | CVE-2014-3566 | Information Disclosure | Link |
| Nicolas Ruff | libVNCserver | 9/23/2014 | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055 | Denial of Service, Integer Overflow, Buffer Overflow | Link |
| Fermin J. Serna | Apple | 9/17/2014 | CVE-2014-4371, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421 | XNU Kernel infor leak | Apple Advisory |
| Ian Beer | Apple iOS | 9/17/2014 | CVE-2014-4379 | Kernel memory disclosure | Apple advisory |
| Ian Beer | Apple iOS | 9/17/2014 | CVE-2014-4381, CVE-2014-4389, CVE-2014-4404, CVE-2014-4405, CVE-2014-4418 | Privilege Escalation | Apple advisory |
| Ian Beer | Apple OS X | 9/17/2014 | CVE-2014-4376, CVE-2014-4390, CVE-2014-4394, CVE-2014-4395, CVE-2014-4396, CVE-2014-4398, CVE-2014-4397, CVE-2014-4399, CVE-2014-4400, CVE-2014-4401, CVE-2014-4402, CVE-2014-4416 | Privilege Escalation | Apple advisory |
| Ian Beer | Apple OS X | 9/17/2014 | CVE-2014-4403 | kASLR defeat | Apple advisory |
| James Forshaw | Adobe Reader | 9/16/2014 | CVE-2014-0568 | Privilege Escalation | |
| Abhishek Arya | Mozilla Firefox | 9/2/2014 | CVE-2014-1563 | Memory Corruption | |
| James Forshaw | Linux | 8/23/2014 | CVE-2014-3185 | Memory Corruption | Link |
| Ben Hawkes | Linux | 8/21/2014 | CVE-2014-3182 | Arbitrary Free | Link |
| Ben Hawkes | Linux | 8/21/2014 | CVE-2014-3183 | Memory Corruption | Link |
| Ben Hawkes | Linux | 8/21/2014 | CVE-2014-3184 | Memory Corruption | Link |
| Felix Gröbert | PHP | 8/21/2014 | CVE-2014-3597 | Memory Corruption | Link |
| Felix Gröbert and Emilia Kasper | OpenSSL | 8/6/2014 | CVE-2014-3510 | Denial of Service | Link |
| Ivan Fratric and Emilia Kasper | OpenSSL | 8/6/2014 | CVE-2014-3508 | Information Leak | Link |
| Lee Campbell | pppd | 7/31/2014 | CVE-2014-3158 | Heap corruption | Link |
| Ian Beer | Apple MacOS and IOS | 6/30/2014 | CVE-2014-1372, CVE-2014-1373, CVE-2014-1376, CVE-2014-1377, CVE-2014-1359, CVE-2014-1356, CVE-2014-1357, CVE-2014-1358, CVE-2014-1379 | Memory Corruption | Apple advisory |
| Michele Spagnuolo | Adobe Flash | 6/29/2014 | CVE-2014-4671 | Format malleability and data leak | Adobe bulletin |
| Michele Spagnuolo and Nicolas Ruff | libicu | 6/14/2014 | CVE-2014-4500 | Stack buffer overflow | Product advisory |
| Abhishek Arya | Mozilla Firefox | 6/10/2014 | CVE-2014-1536, CVE-2014-1537, CVE-2014-1538 | Memory Corruption | Mozilla advisory |
| Abhishek Arya | Mozilla Firefox | 6/10/2014 | CVE-2014-1545 | Memory Corruption | Mozilla advisory |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Graphics Component | 6/10/2014 | CVE-2014-1818 | Memory Corruption | Microsoft bulletin |
| Felix Gröbert and Ivan Fratric | OpenSSL | 6/5/2014 | CVE-2014-3470 | Denial of Service | Openssl advisory |
| Clement Lecigne | Microsoft Internet Explorer | 5/27/2014 | CVE-2014-1815 | Use After Free | Microsoft bulletin |
| Fermin J. Serna | Microsoft Internet Explorer | 5/13/2014 | CVE-2014-0310 | Memory Corruption | Microsoft bulletin |
| Felix Gröbert and Ivan Fratric | PHP | 5/9/2014 | Memory Corruption | ||
| Abhishek Arya | Apple Safari | 5/5/2014 | CVE-2014-0948, CVE-2014-0949, CVE-2014-0950, CVE-2014-0952, CVE-2014-0953, CVE-2014-0958, CVE-2014-0959 | Memory Corruption | Apple advisory |
| Abhishek Arya | Mozilla Firefox | 4/29/2014 | CVE-2014-1525 | Memory Corruption | Mozilla advisory |
| Abhishek Arya | Mozilla Firefox | 4/29/2014 | CVE-2014-1524 | Memory Corruption | Mozilla advisory |
| Ian Beer | Apple Mac OS X | 4/22/2014 | CVE-2014-1318, CVE-2014-1320, CVE-2014-1322 | Memory Corruption | Apple advisory |
| Ian Beer | IOS | 4/22/2014 | CVE-2014-1300, CVE-2014-1320 | Memory Corruption | Apple advisory |
| Ivan Fratric | CyaSSL | 4/9/2014 | CVE-2014-2896, CVE-2014-2897, CVE-2014-2898, CVE-2014-2899 | Multiple Vulnerabilities | Product advisory |
| Neel Mehta | OpenSSL | 4/7/2014 | CVE-2014-0160 | Information Disclosure | OpenSSL advisory |
| Ivan Fratric | LibYAML | 3/26/2014 | CVE-2014-2525 | Heap overflow | Ocert advisory |
| Drew Hintz, Shane Huntley, and Matty Pellegrino | Microsoft Word | 3/16/2014 | CVE-2014-1761 | Code Execution | Microsoft bulletin |
| Lars Bull | Linux | 3/11/2014 | CVE-2014-0049 | VM Escape | Link |
| Felix Groebert | Apple MacOS | 2/25/2014 | CVE-2014-1254 | Memory Corruption | Apple advisory |
| Meder Kydyraliev | Apple MacOS | 2/25/2014 | CVE-2014-1262, CVE-2014-1255, CVE-2014-1256 | Memory Corruption | Apple advisory |
| Clement Lecigne | Adobe Flash | 2/20/2014 | CVE-2014-0502 | Memory Corruption | Adobe bulletin |
| Felix Gröbert | Kakadu | 2/18/2014 | Memory Corruption | ||
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Office | 1/14/2014 | CVE-2014-0259, CVE-2014-0260 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Acrobat Reader and Acrobat | 1/14/2014 | CVE-2014-0493, CVE-2014-0495 | Memory Corruption | Adobe bulletin |
| Abhishek Arya | Apple Safari | 12/16/2013 | CVE-2011-2338, CVE-2011-2356, CVE-2011-2809, CVE-2011-2814, CVE-2011-2817, CVE-2011-2831, CVE-2011-3233, CVE-2011-3235, CVE-2011-3236, CVE-2011-3237 | Memory Corruption | Apple advisory |
| Lars Bull | Linux | 12/14/2013 | CVE-2013-6376 | Denial of Service | Link |
| Ivan Fratric | Nginx | 11/19/2013 | CVE-2013-4547 | Security Bypass | Product advisory |
| Ivan Fratric | Microsoft Internet Explorer | 10/8/2013 | CVE-2013-3882 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Sharepoint Server and Microsoft Excel | 10/8/2013 | CVE-2013-3889 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Excel | 10/8/2013 | CVE-2013-3890 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Word | 10/8/2013 | CVE-2013-3892 | Memory Corruption | Microsoft bulletin |
| Felix Gröbert | ESET | 10/2/2013 | ESET-Update-8866 | Memory Corruption | ESET updates |
| Felix Gröbert | Apple CoreGraphics | 9/12/2013 | CVE-2013-1025 | Memory Corruption | Apple advisory |
| Felix Gröbert | Apple ImageIO | 9/12/2013 | CVE-2013-1026 | Memory Corruption | Apple advisory |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft SharePoint Server, Microsoft Word, Microsoft Office Services and Web Apps | 9/10/2013 | CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk, Ivan Fratric, and Ben Hawkes | Microsoft Office | 9/10/2013 | CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3850, CVE-2013-3851, CVE-2013-3852, CVE-2013-3853, CVE-2013-3854, CVE-2013-3855, CVE-2013-3856, CVE-2013-3857, CVE-2013-3858 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Acrobat Reader and Acrobat | 9/10/2013 | CVE-2013-3351, CVE-2013-3352, CVE-2013-3353, CVE-2013-3354, CVE-2013-3355, CVE-2013-3356 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk and Ben Hawkes | Adobe Flash Player | 9/10/2013 | CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324 | Memory Corruption | Adobe bulletin |
| Ivan Fratric and Ben Hawkes | Microsoft Internet Explorer | 9/10/2013 | CVE-2013-3204 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Microsoft Windows | 9/10/2013 | CVE-2013-1341, CVE-2013-1342, CVE-2013-1343, CVE-2013-3864, CVE-2013-3865 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk | Microsoft Windows | 9/10/2013 | CVE-2013-1344 | Memory Corruption | Microsoft bulletin |
| Fermin J. Serna | Microsoft Internet Explorer | 8/13/2013 | CVE-2013-3186 | Sandbox Escape | Microsoft bulletin |
| Ivan Fratric and Ben Hawkes | Microsoft Internet Explorer | 8/13/2013 | CVE-2013-3190 and CVE-2013-3191 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk | Microsoft Windows | 8/13/2013 | CVE-2013-3196, CVE-2013-3197, CVE-2013-3198 | Memory Corruption | Microsoft bulletin |
| Ivan Fratric | Microsoft Internet Explorer | 7/27/2013 | MSFT IE11 bug bounty | Memory Corruption | Microsoft bulletin |
| Fermin J. Serna | Microsoft Internet Explorer | 7/26/2013 | MSFT IE11 bug bounty | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk | Microsoft Windows | 7/9/2013 | CVE-2013-3172 | Memory Corruption | Microsoft bulletin |
| Mateusz Jurczyk, Gynvael Coldwind and Fermin Serna | Adobe Flash Player | 7/9/2013 | CVE-2013-3344, CVE-2013-3345 | Memory Corruption | Adobe bulletin |
| Ivan Fratric and Ben Hawkes | Microsoft Internet Explorer | 7/9/2013 | CVE-2013-3115, CVE-2013-3161, CVE-2013-3162 | Memory Corruption | Microsoft bulletin |
| Abhishek Arya | Mozilla Firefox | 6/25/2013 | CVE-2013-1684, CVE-2013-1685, CVE-2013-1686 | Memory Corruption | Mozilla advisory |
| Mateusz Jurczyk and Ben Hawkes | Adobe Flash | 6/11/2013 | CVE-2013-3343 | Memory Corruption | Adobe bulletin |
| Ivan Fratric and Ben Hawkes | Microsoft Internet Explorer | 6/11/2013 | CVE-2013-3113, CVE-2013-3114, CVE-2013-3116 and CVE-2013-3117 | Memory Corruption | Microsoft bulletin |
| Andrew Lyons and Neel Mehta | Microsoft Office | 6/11/2013 | CVE-2013-1331 | Buffer Overflow | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk | Microsoft Windows | 6/11/2013 | CVE-2013-3136 | Information Disclosure | Microsoft bulletin |
| Fermin J. Serna, Abhishek Arya | Apple Safari | 6/4/2013 | CVE-2013-1000, CVE-2013-0993, CVE-2013-0995, CVE-2013-0996, CVE-2013-1003, CVE-2013-1007, CVE-2013-1011, CVE-2013-1023 | Memory Corruption | Apple advisory |
| Felix Gröbert, Ivan Fratric | PHP | 5/20/2013 | CVE-2013-2110 | Memory Corruption | PHP advisory |
| Abhishek Arya | Apple Safari | 5/16/2013 | CVE-2013-0948, CVE-2013-0949, many | Memory Corruption | Apple advisory |
| Mateusz Jurczyk and Ben Hawkes | Adobe Flash | 5/14/2013 | CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 5/14/2013 | CVE-2013-3333, CVE-2013-3334, CVE-2013-3335 | Memory Corruption | Adobe bulletin |
| Tavis Ormandy | Adobe Reader and Acrobat | 5/14/2013 | CVE-2013-2718, CVE-2013-3337 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Adobe Reader and Acrobat | 5/14/2013 | CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341 | Memory Corruption | Adobe bulletin |
| Ivan Fratric | Microsoft Internet Explorer | 5/14/2013 | CVE-2013-1307 | Use After Free | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk and Gynvael Coldwind | Microsoft Windows | 5/14/2013 | CVE-2013-1332 | Double Fetch Vulnerability | Microsoft bulletin |
| Abhishek Arya | Mozilla Firefox | 5/14/2013 | CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681 | Memory Corruption | Mozilla advisory |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 4/9/2013 | CVE-2013-1378, CVE-2013-1379, CVE-2013-1380 | Memory Corruption | Adobe bulletin |
| Ivan Fratric and Ben Hawkes | Microsoft Internet Explorer | 4/9/2013 | CVE-2013-1303 and CVE-2013-1304 | Use After Free | Microsoft bulletin |
| Andrew Lyons & Drew Hintz | Microsoft Office | 4/9/2013 | CVE-2013-1289 | XSS leading to privilege escalation | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk and Gynvael Coldwind | Microsoft Windows | 4/9/2013 | CVE-2013-1283, CVE-2013-1292 and CVE-2013-1293 | Race Condition Vulnerabilities and NULL Pointer Dereference Vulnerability | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk and Gynvael Coldwind | Microsoft Windows | 4/9/2013 | CVE-2013-1284 and CVE-2013-1294 | Race Condition | Microsoft bulletin |
| Abhishek Arya | Apple Safari | 3/14/2013 | CVE-2013-0948, CVE-2013-0949, many | Memory Corruption | Apple advisory |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 3/12/2013 | CVE-2013-1371, CVE-2013-1375 | Memory Corruption | Adobe bulletin |
| Felix Groebert | BitDefender Antivirus | 3/11/2013 | many bugs reported and fixed in signature 9264365 / version 7.46034 | Memory Corruption | |
| Felix Groebert | ClamAV Antivirus | 3/11/2013 | CVE-2013-2020, CVE-2013-2021 | Memory Corruption | ClamAV release note |
| Abhishek Arya | Mozilla Firefox | 2/19/2013 | CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782 | Memory Corruption | Mozilla advisory |
| Niels Heinen | Apache | 2/18/2013 | CVE-2012-3499 CVE-2012-4558 | Multiple XSS vulnerabilities | Apache advisory |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 2/12/2013 | CVE-2013-0642, CVE-2013-0644, CVE-2013-0645, CVE-2013-0647, CVE-2013-0649, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, CVE-2013-1373, CVE-2013-1374 | Memory Corruption | Adobe bulletin |
| Mateusz "j00ru" Jurczyk and Gynvael Coldwind | Microsoft Windows | 2/12/2013 | CVE-2013-1278 and CVE-2013-1279 | Race Condition | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk and Gynvael Coldwind | Microsoft Windows | 2/12/2013 | Multiple vulenrabilities (30) | Race Condition | Microsoft bulletin |
| Felix Groebert, Mateusz Jurczyk, Gynvael Coldwind | ClamAV Antivirus | 2/5/2013 | multiple bugs reported | Memory Corruption | ClamAV release note |
| Gynvael Coldwind, Felix Groebert, Mateusz Jurczyk | ESET NOD32 | 1/29/2013 | 5 bugs reported, announced on ESET updates 7945, 7950, 7977, and 8007 | Memory Corruption | ESET updates |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 1/8/2013 | CVE-2013-0630 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Adobe Reader and Acrobat | 1/8/2013 | CVE-2013-0601, CVE-2013-0602, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621 | Memory Corruption | Adobe bulletin |
| Abhishek Arya | Mozilla Firefox | 1/8/2013 | CVE-2013-0760, CVE-2013-0762, many | Memory Corruption | Mozilla advisory |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 12/11/2012 | CVE-2012-5676 | Memory Corruption | Adobe bulletin |
| Tavis Ormandy | Adobe Flash | 12/11/2012 | CVE-2012-5678 | Memory Corruption | Adobe bulletin |
| Fermin J. Serna | Microsoft Internet Explorer | 12/11/2012 | CVE-2012-4787 | Use After Free | Microsoft bulletin |
| Abhishek Arya | Mozilla Firefox | 11/20/2012 | CVE-2012-4214, CVE-2012-4215, many | Memory Corruption | Mozilla advisory |
| Felix Groebert | System Center 2012 Endpoint Protection for Mac | 11/19/2012 | 1 reported bug and fixed in signature update 7853 | Memory Corruption | |
| Mateusz "j00ru" Jurczyk | Microsoft Windows | 11/13/2012 | CVE-2012-2553 | Use After Free | Microsoft bulletin |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 11/6/2012 | CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5279, CVE-2012-5280 | Memory Corruption | Adobe bulletin |
| Eduardo Vela Nava | Adobe Flash | 11/6/2012 | CVE-2012-5278 | Security Bypass | Adobe bulletin |
| Mateusz Jurczyk | FreeType2 | 10/24/2012 | CVE-2012-5668, CVE-2012-5669, CVE-2012-5670 | Memory Corruption | |
| Abhishek Arya | Mozilla Firefox | 10/9/2012 | CVE-2012-3995, CVE-2012-4179, many | Memory Corruption | Mozilla advisory |
| Drew Hintz and Andrew Lyons | Microsoft Office, Communications Platforms, Server software, and Office Web Apps | 10/9/2012 | CVE-2012-2520 | HTML Sanitization Vulnerability | Microsoft bulletin |
| Mateusz Jurczyk, Gynvael Coldwind, and Fermin J. Serna | Adobe Flash | 10/8/2012 | Multiple vulenrabilities (28) | Memory Corruption | Adobe bulletin |
| Niels Heinen | opencryptoki | 9/27/2012 | CVE-2012-4454, CVE-2012-4455 | Local privilege escalation | CVE |
| Thai Duong | Chrome, Firefox | 9/21/2012 | CVE-2012-4929 | TLS Compression Information Leak | CVE |
| Abhishek Arya | Mozilla Firefox | 8/28/2012 | CVE-2012-1972, CVE-2012-1973, many | Memory Corruption | Mozilla advisory |
| Cris Neckar | Microsoft Internet Explorer | 8/15/2012 | CVE-2012-2523 | Memory Corruption | Microsoft bulletin |
| Billy Rios | Tridium Niagara | 8/15/2012 | CVE-2012-3024 | Authentication Bypass | US-CERT |
| Billy Rios | Tridium Niagara | 8/15/2012 | CVE-2012-3025 | Plaintext Credential Storage | US-CERT |
| Billy Rios | Tridium Niagara | 8/15/2012 | CVE-2012-4027 | Privilege Escalation | US-CERT |
| Billy Rios | Tridium Niagara | 8/15/2012 | CVE-2012-4028 | Weak Credential Storage | US-CERT |
| Mateusz Jurczyk, Gynvael Coldwind | Adobe Reader | 8/14/2012 | CVE-2012-4149, CVE-2012-4160 | Memory Corruption | Adobe bulletin |
| Mateusz "j00ru" Jurczyk | Adobe Reader and Acrobat | 8/14/2012 | CVE-2012-2051 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk and Gynvael Coldwind | Adobe Reader and Acrobat | 8/14/2012 | CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160 | Memory Corruption | Adobe bulletin |
| Cris Neckar | Microsoft Internet Explorer | 8/14/2012 | CVE-2012-2523 | Integer Overflow Remote Code Execution | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk | Microsoft Windows | 8/14/2012 | CVE-2012-2527 | Use After Free | Microsoft bulletin |
| Andrew Lyons & Drew Hintz | Tencent QQ Webmail | 8/7/2012 | TPSA12-05 | Persistent XSS | Tencent bulletin |
| Mateusz Jurczyk, Gynvael Coldwind | Google Chrome | 8/6/2012 | CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863, many more. | Memory Corruption | Blog |
| Abhishek Arya, Adam Barth, Cris Neckar, David Levin, Julien Chaffraix, Stephen Chenney, Thomas Sepez | Apple Safari 6 (WebKit) | 7/25/2012 | many | Memory Corruption | Apple advisory |
| Abhishek Arya | Mozilla Firefox | 7/17/2012 | CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952 | Memory Corruption | Mozilla advisory |
| Mateusz Jurczyk | libexif | 7/12/2012 | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814 | Memory Corruption, Information Leak | Bugtraq |
| Google Security Team | Microsoft XML Core Services | 7/10/2012 | CVE-2012-1889 | Memory Corruption | Microsoft bulletin |
| Niels Heinen | Apache | 6/13/2012 | CVE-2012-2687 | XSS | Apache bug tracker |
| Google Inc | Microsoft Internet Explorer | 6/12/2012 | CVE-2012-1875 | Remote Code Execution | Microsoft bulletin |
| Mateusz "j00ru" Jurczyk | Microsoft Windows | 6/12/2012 | CVE-2012-1867 | Integer Overflow | Microsoft bulletin |
| Billy Rios | Microsoft Windows | 6/12/2012 | CVE-2007-2219 | Remote Code Execution | MS bulletin |
| Tavis Ormandy | Adobe Flash | 6/8/2012 | CVE-2012-2039 | NULL Pointer Dereference Vulnerability | Adobe bulletin |
| Abhishek Arya | Mozilla Firefox | 6/5/2012 | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941 | Memory Corruption | Mozilla advisory |
| Kees Cook | nVidia graphics drivers | 5/17/2012 | CVE-2012-0951, CVE-2012-0952, CVE-2012-0953 | Privilege Escalation | Bug tracker |
| Andrew Lyons & Drew Hintz | Microsoft Hotmail | 5/1/2012 | CVE-2012-2520 | Persistent XSS | MS bulletin |
| Tavis Ormandy | OpenSSL | 4/19/2012 | CVE-2012-2110 | ASN.1 parsing bug in OpenSSL | |
| Billy Rios | Siemens WinCC | 4/18/2012 | CVE-2011-4508 | Authentication Bypass | US-CERT |
| Billy Rios | Siemens WinCC | 4/18/2012 | CVE-2011-4509 | Weak Credentials | US-CERT |
| Billy Rios | Siemens WinCC | 4/18/2012 | CVE-2011-4510 | XSS | US-CERT |
| Billy Rios | Siemens WinCC | 4/18/2012 | CVE-2011-4511 | XSS | US-CERT |
| Billy Rios | Siemens WinCC | 4/18/2012 | CVE-2011-4513 | Client side attacks via specially crafted files | US-CERT |
| Ken Mixter & Daniel Kurtz | Xorg | 4/18/2012 | CVE-2012-2118 | Format string flaw when logging input device names | Blog |
| Niels Heinen | Apache (debian) | 4/15/2012 | CVE-2012-0216 | Code execution on specific setups | Debian advisory |
| Mateusz Jurczyk, Gynvael Coldwind | FFmpeg, libav | 4/14/2012 | CVE-2011-3930 up to CVE-2011-3952; many more. | Memory Corruption | Link |
| Drew Hintz and Andrew Lyons | Microsoft SharePoint Server, Groove Server, SharePoint Foundation, and Office Web Apps | 4/9/2012 | CVE-2013-1289 | HTML Sanitization Vulnerability | Microsoft bulletin |
| Billy Rios | Invensys Information Portal | 4/2/2012 | CVE-2012-0225 | XSS | US-CERT |
| Billy Rios | Invensys Information Portal | 4/2/2012 | CVE-2012-0226 | SQLi | US-CERT |
| Billy Rios | Invensys Information Portal | 4/2/2012 | CVE-2012-0228 | Privilege Escalation | US-CERT |
| Fermin J. Serna | Adobe Flash | 3/28/2012 | CVE-2012-0724, CVE-2012-0725 | Memory Corruption | Adobe bulletin |
| Mateusz Jurczyk | FreeType2 | 3/8/2012 | CVE-2012-1126 up to CVE-2012-1144 | Memory Corruption | Link |
| Abhishek Arya, Adam Klein, Cris Neckar, Dave Levin, Lei Zhang, Jeremy Apthorp, Julien Chaffraix, Lei Zhang | Apple Safari 5.1.4, iTunes 10.6 (WebKit) | 3/7/2012 | many | Memory Corruption | Apple advisory |
| Tavis Ormandy | Adobe Flash | 3/5/2012 | CVE-2012-0768 | Memory Corruption | Adobe bulletin |
| Kees Cook | glibc | 3/5/2012 | CVE-2012-0864 | FORTIFY_SOURCE bypass via format string nargs integer overflow. NOTE: fix vuln only, did not find. | Link |
| Mateusz Jurczyk | OpenType Sanitizer | 3/2/2012 | CVE-2011-3062 | Off-by-one | Chrome bug tracker |
| Fermin Serna | Adobe Flash | 2/23/2012 | CVE-2012-0769 | Information leak | Link |
| Google Security Team | Adobe Flash | 2/16/2012 | CVE-2012-0767 | Universal XSS | Adobe bulletin |
| Mateusz Jurczyk, Gynvael Coldwind | FFmpeg | 2/16/2012 | CVE-2011-3019, CVE-2011-3929, CVE-2011-3934, CVE-2011-3935 to CVE-2011-3937, CVE-2011-3940, CVE-2011-3941, CVE-2011-3944 to CVE-2011-3947, CVE-2011-3949 to CVE-2011-3952, CVE-2012-0853, CVE-2012-0947, CVE-2012-2774 to CVE-2012-2777, CVE-2012-2779, CVE-2012-2782 to CVE-2012-2804, CVE-2013-0861 to CVE-2013-0869, CVE-2013-0872 to CVE-2013-0878, CVE-2013-2276, CVE-2013-2277, CVE-2013-2495, CVE-2013-2496, many more | Memory Corruption | |
| Eduardo Vela | Adobe Flash | 2/15/2012 | CVE-2012-0755 | Flash Origin Spoofing | Adobe bulletin |
| Billy Rios | Invensys HMI Reports | 2/8/2012 | CVE-2011-4038 | XSS | US-CERT |
| Billy Rios | Invensys HMI Reports | 2/8/2012 | CVE-2011-4039 | Memory Corruption | US-CERT |
| Ben Hawkes | Mozilla Firefox | 1/31/2012 | CVE-2012-0443 | Memory Corruption | Mozilla advisory |
| Meder Kydyraliev | Struts2/XWork | 1/22/2012 | CVE-2011-3923 | Remote Code Execution | Link |
| Tavis Ormandy | Adobe Reader and Acrobat | 1/10/2012 | CVE-2011-4370 | Memory Corruption | Adobe bulletin |
| Billy Rios | Adobe Reader and Acrobat | 1/10/2012 | CVE-2011-4371 | Memory Corruption | Adobe bulletin |
| Neel Mehta | Microsoft Windows | 1/10/2012 | CVE-2012-0004 | Remote Code Execution | Microsoft bulletin |
| Ben Laurie | OpenSSL | 1/4/2012 | CVE-2011-4109 | Double Free | OpenSSL security advisory |
| Mateusz Jurczyk | Microsoft Windows | 12/13/2011 | CVE-2011-2018 | Exception Handler Vulnerability | MS bulletin |
| Michal Zalewski | Firefox / Chrome / Safari / Opera/ Internet Explorer | 12/6/2011 | CVE-2011-4692 CVE-2011-4691 CVE-2011-4690 CVE-2011-4689 CVE-2011-4688 | Cache timing attack | Link |
| Billy Rios | Apple Safari | 11/17/2011 | CVE-2010-0045 | Remote Code Execution | Apple advisory |
| Billy Rios | Apple Safari | 11/16/2011 | CVE-2010-1778 | File Theft | Apple advisory |
| Eduardo Vela | Netflix | 11/11/2011 | Script Inclusion and XSS | ||
| Ben Hawkes | Adobe Flash | 11/10/2011 | CVE-2011-2456 | Memory Corruption | Adobe bulletin |
| Tavis Ormandy | Adobe Flash | 11/10/2011 | CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2457, CVE-2011-2460 | Memory Corruption | Adobe bulletin |
| Felix Groebert | Apple FileVault | 10/14/2011 | CVE-2011-3212 | Information Leak | |
| Billy Rios | Apple Safari, AppleTV | 10/12/2011 | CVE-2011-0216 | Heap Overflow | Apple advisory |
| Abhishek Arya, Adam Barth, Cris Neckar, Dimitri Glazkov, Dominic Cooney, John Knottenbelt, Kent Tamura, Philip Rogers, Raman Tenneti, Sadrul Habib Chowdhury, SkyLined | iTunes 10.5 (WebKit) | 10/11/2011 | many | Memory Corruption | Apple advisory |
| Abhishek Arya, Adam Barth, Cris Neckar, Dimitri Glazkov, Dominic Cooney, Kent Tamura, Philip Rogers, Raman Tenneti, Sadrul Habib Chowdhury, SkyLined | Apple Safari 5.1.1 | 10/11/2011 | many | Memory Corruption | Apple advisory |
| Ben Hawkes | Mozilla Firefox | 9/27/2011 | CVE-2011-3003 | Memory Corruption | Mozilla advisory |
| Ben Hawkes | nginx | 9/11/2011 | CVE-2011-4315 | Memory Corruption | Link |
| Ben Hawkes | Squid | 8/28/2011 | CVE-2011-3205 | Memory Corruption | Link |
| Eduardo Vela | 8/15/2011 | XSS and RPC spoofing | Blog | ||
| Tavis Ormandy | Adobe Flash | 8/12/2011 | CVE-2011-2424 (one CVE, dozens of bugs) | Memory Corruption | Blog |
| Michal Zalewski | Microsoft Internet Explorer | 8/9/2011 | MS11-057 | Defense in Depth | MS bulletin |
| Billy Rios | Adobe Reader | 6/14/2011 | CVE-2011-2101 | Remote Code Execution | Adobe bulletin |
| Robert Swiecki | Microsoft Internet Explorer | 6/14/2011 | CVE-2011-1246 | Universal XSS | MS bulletin |
| Chris Evans | libxml | 5/27/2011 | Integer Problems / Memory Corruption | Blog | |
| Niels Heinen | Python | 5/24/2011 | CVE-2011-1521 | File Disclosure | Python Blog |
| Eduardo Vela | easyXDM | 4/14/2011 | XSS and RPC spoofing | Link | |
| Felix Groebert | Apple CoreGraphics and TypeServer | 3/23/2011 | CVE-2011-0175, CVE-2011-0176, CVE-2011-0202 | Code Execution | |
| Chris Evans | Chrome, Firefox, Internet Explorer, Opera, Safari | 3/9/2011 | Information leak | Blog | |
| Abhishek Arya, Chris Evans, Emil A Eklund, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima | iTunes 10.2 | 3/9/2011 | many | Memory Corruption | Apple advisory |
| Abhishek Arya, Chris Evans, Emil A Eklund, Erik Wong, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima | iOS 4.3 | 3/9/2011 | many | Memory Corruption | Apple advisory |
| Abhishek Arya, Chris Evans, Emil A Eklund, Michal Zalewski, Mihai Parparita, SkyLined, Yuzo Fujishima | Apple Safari 5.0.4 | 3/9/2011 | many | Memory Corruption | Apple advisory |
| Chris Evans | Foxit PDF Reader | 3/5/2011 | Arbitrary file write | Blog | |
| Billy Rios | Adobe Reader | 2/8/2011 | CVE-2011-0587 | XSS | Adobe bulletin |
| Billy Rios | Adobe Reader | 2/8/2011 | CVE-2011-0604 | XSS | Adobe bulletin |
| Felix Groebert | Ruby on Rails | 2/8/2011 | CVE-2011-0447 | XSRF | |
| Eduardo Vela | Oracle Java Applets | 2/1/2011 | CVE-2010-4466 | Java Universal XSS Vulnerability | Oracle advisory |
| Eduardo Vela | Marcaria.com | 1/12/2011 | Authentication Bypass | ||
| Michal Zalewski | Microsoft Internet Explorer | 1/1/2011 | CVE-2011-0347 | Graphics rendering problem | Blog |
| Michal Zalewski | Microsoft Internet Explorer 6, 7, 8 | 1/1/2011 | MS11-018 CVE-2011-0346 | Use After Free | Blog |
| Abhishek Arya, Cris Neckar, Rohit Makasana | Apple Safari 5.0.3 | 11/22/2010 | many | Memory Corruption | Apple advisory |
| Abhishek Arya, Cris Neckar, Rohit Makasana | iOS4.2 | 11/22/2010 | many | Memory Corruption | Apple advisory |
| Chris Evans | Microsoft Internet Explorer | 10/21/2010 | Cross-origin Infomation Disclosure | Blog | |
| Eduardo Vela | Mozilla Firefox | 10/19/2010 | CVE-2010-3178 | Cross-site Information Disclosure | Mozilla advisory |
| Michal Zalewski | Apple Safari 5 (WebKit) | 10/7/2010 | CVE-2010-1119 CVE-2010-3811 | Use After Free | Blog |
| Billy Rios | Adobe Reader | 10/5/2010 | CVE-2010-3625 | Remote Code Execution | Adobe bulletin |
| Michal Zalewski | Firefox 3.5, Safari 5 (WebKit) | 10/5/2010 | CVE-2010-1206 MFSA 2010-45 CVE-2010-3774 MFSA 2010-83 CVE-2010-2454 | URL bar spoofing vulnerabilities | Blog |
| Chris Evans | Microsoft Internet Explorer | 9/29/2010 | Universal XSS | Blog | |
| Ben Hawkes | Linux kernel | 9/14/2010 | CVE-2010-3301 | Local Privilege Escalation | Link |
| Michal Zalewski | Mozilla Firefox 3.6 | 9/7/2010 | MFSA 2010-49 CVE-2010-3169 MFSA 2010-64 CVE-2010-3175 | Memory Corruption | Mozilla advisory |
| Ben Hawkes | Linux kernel | 9/7/2010 | CVE-2010-3081 | Local Privilege Escalation | Link |
| Ben Hawkes | Linux kernel | 8/20/2010 | CVE-2010-2959 | Local Privilege Escalation | Link |
| Meder Kydyraliev | JBoss Seam | 7/28/2010 | CVE-2010-1871 | Remote Code Execution | Blog |
| Meder Kydyraliev | Struts2/XWork | 7/9/2010 | CVE-2010-1870 | Remote Code Execution | Link |
| Robert Swiecki | FreeType2 | 6/5/2010 | CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 | Memory Corruption | Link |
| Eduardo Vela | Apple Safari | 4/15/2010 | CVE-2010-1394 | HTML Serialization Bug | Apple advisory |
| Michal Zalewski | Firefox 3.5, Safari 5 (WebKit) | 4/15/2010 | MFSA 2010-31 CVE-2010-1125 CVE-2010-1422 | Strokejacking | Blog |
| Billy Rios | Adobe Reader | 4/13/2010 | CVE-2010-0190 | Remote Code Execution | Adobe bulletin |
| Billy Rios | Adobe Reader | 4/13/2010 | CVE-2010-0191 | Remote Code Execution | Adobe bulletin |
| Michal Zalewski | Microsoft Internet Explorer 6 | 4/5/2010 | MS10-035 CVE-2010-1259 | Uninitialized memory corruption vulnerability | Microsoft bulletin |
| Eduardo Vela | Microsoft Internet Explorer | 2/10/2010 | CVE-2010-3243 | CSS Serialization Problem | Microsoft bulletin |
| Neel Mehta, Sumit Gwalani, Drew Hintz | Microsoft Windows | 2/9/2010 | CVE-2010-0239, CVE-2010-0240, CVE-2010-0241 | Remote Code Execution | Microsoft bulletin |
| Michal Zalewski | Apple Safari 5 (WebKit) | 2/3/2010 | CVE-2010-0544 | Universal XSS | Blog |
| Eduardo Vela | Microsoft Internet Explorer | 1/21/2010 | CVE-2009-4074, CVE-2010-1489 | Universal XSS | Microsoft bulletin |
| Tavis Ormandy | Microsoft Windows | 1/21/2010 | CVE-2010-0232 | Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack | Blog |
| Chris Evans | Chrome, Firefox, Internet Explorer, Opera, Safari | 12/28/2009 | Cross-origin Infomation Disclosure | Blog | |
| Billy Rios | Mozilla Firefox | 11/25/2009 | CVE-2008-2933 | Protocol handling issue | Mozilla bug tracker |
| Tavis Ormandy, Julien Tinnes | VMware | 10/30/2009 | CVE-2009-2267 | Guest Privilege Escalation | Blog |
| Michal Zalewski | Apple Safari 4 (WebKit) | 9/24/2009 | CVE-2009-3384 | Code Execution | |
| Julien Tinnes, Tavis Ormandy | NetBSD and other kernels. | 9/16/2009 | CVE-2009-2793 | Privilege Escalation | Link |
| Drew Hintz | Microsoft Silverlight.net | 9/1/2009 | MSRC 9210 | SQL Injection | |
| Tavis Ormandy, Julien Tinnes | Linux Kernel | 8/28/2009 | CVE-2009-2698 | Privilege Escalation | Blog |
| Tavis Ormandy, Julien Tinnes | Linux Kernel | 8/13/2009 | CVE-2009-2692 | Privilege Escalation | Link |
| Peter Valchev | libexpat | 8/6/2009 | CVE-2009-3720 | Memory Corruption, DoS | NVD |
| Chris Evans | Apple CoreGraphics | 8/5/2009 | Memory Corruption | Blog | |
| Julien Tinnes, Tavis Ormandy | Pulseaudio | 7/16/2009 | CVE-2009-1894 | Privilege Escalation | Blog |
| Tavis Ormandy, Julien Tinnes | Microsoft VirtualPC | 7/15/2009 | CVE-2009-1542 | Guest Privilege Escalation | Microsoft bulletin |
| Chris Evans | mimetex | 7/10/2009 | Memory Corruption, Information Disclosure | Link | |
| Chris Palmer | Android | 7/6/2009 | CVE-2009-2348 | Authorization Bypass | oCERT advisory |
| Julien Tinnes, Tavis Ormandy | Linux kernel | 6/26/2009 | CVE-2009-1895 | mmap_min_addr bypass | Blog |
| Chris Evans | Apple Safari | 6/9/2009 | Cross-origin Infomation Disclosure | Blog | |
| Chris Evans | Apple Safari | 6/8/2009 | File theft | Blog | |
| Michal Zalewski | Apple Safari 4 (WebKit) | 5/20/2009 | CVE-2009-1684 | Universal XSS | |
| Chris Evans | Java | 3/27/2009 | Memory Corruption | Blog | |
| Chris Evans | LittleCMS (lcms) | 3/17/2009 | Memory Corruption | Blog | |
| Chris Evans | Linux kernel | 2/24/2009 | Bypass signal restrictions | Blog | |
| Michal Zalewski | Microsoft Internet Explorer | 2/12/2009 | MS09-014 CVE-2009-0551 | Memory Corruption | MS bulletin |
| Chris Evans | Linux kernel | 1/23/2009 | Syscall filter bypass | Blog | |
| Chris Evans | Mozilla Firefox | 12/7/2008 | Cross-origin Infomation Disclosure | Blog | |
| Billy Rios | Java | 12/5/2008 | CVE-2008-5343 | GIFAR | NVD |
| Chris Evans | Mozilla Firefox | 11/17/2008 | Cross-origin Infomation Disclosure | Blog | |
| Michal Zalewski, Chris Evans | Mozilla Firefox 2 | 11/12/2008 | MFSA 2008-48 CVE-2008-5012 | Cross-domain Data Disclosure | Mozilla advisory |
| Drew Hintz | Apple Mailing Lists | 11/3/2008 | XSS | ||
| Chris Evans | Python | 10/20/2008 | Memory Corruption | Blog | |
| Ben Laurie | Various OpenID providers | 8/8/2008 | CVE-2008-3280 | Weak SSL keys in OpenID providers | Link |
| Chris Evans | libxslt | 7/31/2008 | Memory Corruption | Blog | |
| Michal Zalewski | Apple Mac OS X | 5/18/2008 | CVE-2008-2321 | Code Execution | |
| Chris Evans | Java | 3/5/2008 | Memory Corruption | Blog | |
| Chris Evans | Ghostscript | 2/27/2008 | Memory Corruption | Blog | |
| Michal Zalewski | Mozilla Firefox 2 | 2/7/2008 | MFSA 2008-02 CVE-2008-0414 | Strokejacking | Mozilla advisory |
| Michal Zalewski | Mozilla Firefox 2 | 2/7/2008 | MFSA 2008-08 CVE-2008-0591 | Trusted UI problem | Mozilla advisory |
| Martin Straka | Mozilla Firefox | 2/1/2008 | CVE-2008-0593 | Information Leak | Mozilla advisory |
| Rich Cannings | Multiple Adobe products | 1/3/2008 | CVE-2007-6637 | Universal XSS | Adobe bulletin |
| Rich Cannings | Adobe Flash | 12/5/2007 | CVE-2007-6244 | XSS | Adobe bulletin |
| Peter Valchev | libcairo | 11/16/2007 | CVE-2007-5503 | Memory Corruption | NVD |
| Chris Evans | pcre | 11/7/2007 | Memory Corruption | Link | |
| Michal Zalewski | Apple Mac OS X | 11/6/2007 | CVE-2007-5854 | XSS | |
| Billy Rios | Microsoft Windows | 10/11/2007 | CVE-2007-3896 | Remote Code Execution | NVD |
| Billy Rios | Java | 10/3/2007 | CVE-2007-5232 | DNS Rebinding | NVD |
| Michal Zalewski | Apple Safari 3 (WebKit) | 7/12/2007 | CVE-2007-3758 CVE-2007-3760 CVE-2007-3756 | Universal XSS | |
| Billy Rios | Mozilla Firefox | 7/10/2007 | CVE-2007-3670 | Protocol handling issue | NVD |
| Martin Straka | Java 2 Platform, Standard Edition | 6/1/2007 | Security Sun Alert 201348 | XSS | Oracle advisory |
| Chris Evans | Java | 5/15/2007 | Memory Corruption | Link | |
| Robert Swiecki | Linux kernel | 3/27/2007 | CVE-2007-1734 | Kernel memory disclosure | Security Focus |
| Chris Evans | OpenBSD kernel | 10/7/2006 | Memory Corruption | Link | |
| Tavis Ormandy | gzip | 8/28/2006 | CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 | Memory Corruption | Link |
| Tavis Ormandy | libtiff | 6/16/2006 | CVE-2006-3460, CVE-2006-3461, CVE-2006-3462 | Memory Corruption | Link |
| Chris Evans | libgif | 11/6/2005 | Memory Corruption | Link |