This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code. (by google)

Security-research Alternatives

Similar projects and alternatives to security-research

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better security-research alternative or higher similarity.


Reviews and mentions

Posts with mentions or reviews of security-research. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-10-19.
  • TPM Carte Blanche attack (correct link) | 2021-10-20
  • TPM Carte Blanche write-up | 2021-10-19
    moved here:
  • AWS Cognito? | 2021-07-16
  • 15 years old heap out-of-bounds write vulnerability in Linux Netfilter powerful enough to bypass all modern security mitigations and achieve kernel code execution | 2021-07-15
  • CVE-2021-22555: Turning \x00\x00 into 10000$ | 2021-07-15
    Sorry, it's from [0] linked further down in the comments. I didn't notice that when posting, or I would have made my comment a reply to that post [1].


    [1] | 2021-07-15
    To quickly identify affected and patched kernel versions see

  • Google Compute Engine (GCE) VM Takeover via DHCP Flood | 2021-06-29
    Funny thing is I agree with you that Google should hold itself to that bar, but I don't agree as to Project Zero being the reason. I think we very much should distinguish Google from P0, and that P0's policy should be irrelevant here; their entire purpose is to be an independent team of security researchers finding vulnerabilities in software, indiscriminately. It seems a number of others here feel similarly (judging by the responses), and ironically their support for the position is probably being lost by dragging P0 into the conversation.

    The reason I think Google should hold itself to that bar is something else: Google itself uses that bar for other vendors. From the horse's mouth [1]:

    > This is why Google adheres to a 90-day disclosure deadline. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix.

    If they're going to do this to others as general company policy, they need to do this to themselves.


  • It's not a virus, I swear... | 2021-04-17
    There is malware that doesn't require execution privileges or user interaction, it exploits vulnerabilities like this one.
  • BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution | 2021-04-07
  • PS4 Homebrew Q&A General | March 2021 Edition | POST YOUR QUESTION HERE INSTEAD OF MAKING A NEW THREAD -TheFlow's writeup for the current kernel vuln
  • 755 Jailbreak Discussion Thread
    The poc.c is likely just this and the ps4.c just that but with adjustments made for the ps4. I guess we can't know for sure though.
  • TheFlow0 disclosed another exploit to public, hope something useful can come from it as the last exploit from him ;)


Basic security-research repo stats

google/security-research is an open source project licensed under Apache License 2.0 which is an OSI approved license.
