Skip to content
View MuhammedHussein17's full-sized avatar

Block or report MuhammedHussein17

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
MuhammedHussein17/README.md

Security Research

Advisory Project Vulnerability Severity Status
CVE-2026-50142 libheif Unbounded heap allocation in HEIF sequence parser High (CVSS 7.5) ✅ Fixed
CVE-2026-53532 OpenEXR Unhandled assert abort in HTJ2K decoder — DoS via vendored OpenJPH Moderate ✅ Fixed in v3.4.13
CVE pending LibRaw Integer overflow → heap-buffer-overflow-write in CRX/CR3 decoder High (CVSS 7.5) 🔒 Fixed; CVE pending
GHSA-x6m8-gjm4-87c3 Cacti IDOR — missing ownership check in reports_form_actions() High (CVSS 8.8) 🔄 Fix merged
GHSA-44c9-hrq8-9r46 Cacti Path traversal via unserialize() in package_import.php Medium (CVSS 6.6) 🔄 Fix in progress
CVE-2026-9794 Keycloak Unauthenticated client ID enumeration via SAML ECP oracle Medium (CVSS 5.3) ✅ Fixed in 26.6.3
GHSA-v4hc-2928-gmm5 libarchive Integer overflow in XAR parser → checksum bypass & DoS Medium (CVSS 4.3) 🔄 Fix merged
GHSA-hvq5-gp2g-6rmv libarchive Integer truncation in 7zip numDigests → heap OOB read Medium 🔄 Pending triage
GHSA-3p4v-475w-5wxv libarchive Missing recursion depth guard in ISO9660 Joliet → stack overflow Medium (CVSS 4.3) 🔄 Pending triage
CVE Request 2040466 mtr 0.96 Arbitrary file read as root via MTR_OPTIONS=-F under sudo Medium (CVSS 5.5) 🔄 CVE pending
Nmap changelog Ncat 5 memory-safety issues: double-free, UAF, OOB read, NULL deref (pre-auth) Medium ✅ Fixed; credited
Nmap changelog Nmap Stack buffer over-read in cstring_unescape() — ASan-confirmed ✅ Fixed; credited
RUSTSEC-2026-0199 rust-bcrypt DoS panic regression Medium (CVSS 5.3) ✅ Fixed in 0.19.2

ONNX — Fuzzing & Security (2026)

  • Co-authored OSS-Fuzz integration (PR #15382, google/oss-fuzz)
  • Merged seed corpus (PR #8062) and fuzz_compose harness (PR #8067)
  • Discovered OSS-Fuzz Issue 523734453: null-deref WRITE in ir_pb_converter.cc:381 — fixed in PR #8121 (June 2026)

Pinned Loading

  1. onnxruntime-fuzzing-suite onnxruntime-fuzzing-suite Public

    Production-ready libFuzzer harnesses for ONNX Runtime with OSS-Fuzz integration

    C++

  2. libheif-cve-2026-50142 libheif-cve-2026-50142 Public

    CVE-2026-50142 — Heap allocation vulnerability in libheif HEIF sequence parser