Here are the vulnerabilities I've found:
| status | discovered | project | item | note |
|---|---|---|---|---|
| [FIXED] | 2021-02-23 | bitnami/laravel | CVE-2021-21979: APP_KEY is fixed in docker image bitnami/laravel | |
| [FIXED] | 2021-04-20 | meshery | CVE-2021-31856: A Sql Injection in Meshery | |
| [FIXED] | 2021-04-30 | docker | CVE-2021-41089: docker cp allows unexpected chmod of host files | |
| [FIXED] | 2021-05-26 | kernel/cgroups | CVE-2022-0492 (co-author) | |
| [FIXED] | 2021-07-14 | runc | host information disclosure | It was later proven to be the same issue as CVE-2025-31133, but at the time no exploitation approach had been considered. |
| [REJECTED] | 2021-08-24 | docker | Docker DoS | reported, but no response |
| [REJECTED] | 2022-06-17 | runc | runc capability escape | maintainer did not consider it a vulnerability |
| [FIXED] | 2022-07-29 | runc | CVE-2023-28642: AppArmor/SELinux bypass with symlinked /proc | |
| [REJECTED] | 2022-08-04 | runc | runc host information disclosure | maintainer did not consider it a vulnerability |
| [FIXED] | 2023-03-10 | apport-cli | CVE-2023-1326 (co-author) | |
| [FIXED] | 2023-03-30 | runc | CVE-2025-31133: container escape | |
| [FIXED] | 2023-04-07 | runc | escape, containerd only | actually an escape technique; it was fixed unintentionally in runc v1.1.5 |
| [FIXED] | 2024-12-17 | nvidia-container-toolkit | CVE-2025-23359 | |
| [FIXED] | 2025-03-13 | nvidia-container-toolkit | CVE-2025-23267 | |
| [FIXED] | 2025-04-29 | runc | CVE-2025-52565, container escape (co-author) | |
Here are some of my repositories I'd like to introduce:
- container
  - ctrsploit: A penetration toolkit for container environments
  - docker_archive: Provides many versions of Docker and Docker's components
  - registry_v2_client: A CLI for registry v2
  - docker_secret: An alternative to docker secret
- golang
  - go_instrumentation: A generic instrumentation tool for Go
  - awesome_libs
    - lightweight_api
    - lightweight_db
  - codeql-go-vendor: A CodeQL extractor for Go vendor-mode projects
- my poc/exp
  - docker-cve-2022-39253-poc: Docker host file read (using CVE-2022-39253) PoC
- security research
  - security-research-specification
  - source-analysis-system: Next Generation Source Analysis Report
  - GHSA-NOTIFY: open source software security advisories based on GHSA
- ctf
  - my_ctf_challenges: The CTF challenges I've designed
  - waterdropctf
- reverse
  - opdb: an opcode-level debugger for Python
- crypto
  - yafu_docker: unofficial container image for yafu
- awd
  - portable-git: portable git
- common security tools
  - sectools
  - go-shijack: TCP connection hijacker, Go rewrite of shijack from 2001
- other
  - awesome_scripts: A collection of awesome scripts
  - sshtunnel: A nice, useful SSH tunnel

Updated at 2023-04-23