Vulnerabilities I've found and reported. This list grows over time.
A path traversal vulnerability in Grafana Loki that could allow unauthorized file access.
Grafana Path TraversalA Zip Slip vulnerability in the Ghidra reverse engineering tool that could lead to arbitrary file writes during archive extraction.
NSA Ghidra Zip SlipThe LDAP certificate processing API in Bouncy Castle did not sanitize X.500 names for LDAP wildcards, potentially leading to information disclosure when processing unvetted certificates.
Bouncy Castle LDAP Injection Cryptography