Skip to content

Security: diedromeo/Patch-Diff-Research

Security

SECURITY.md

Security Policy

⚠️ Ethical Use & Legal Disclaimer

This repository contains educational security research: reproductions of publicly disclosed vulnerabilities, proof-of-concept code, and detection content. It exists to help defenders understand, detect, and remediate real threats.

  • Every technique here targets software you deploy yourself inside the provided isolated, disposable lab environments.
  • Do not use any material here against systems you do not own or lack explicit written authorization to test. Doing so is illegal in most jurisdictions.
  • No zero-days, no undisclosed vulnerabilities, and no live-target tooling are published here. Every CVE references its official NVD entry and vendor advisory.
  • The author accepts no liability for misuse. Use is governed by the LICENSE.

By using this repository you agree to use it lawfully and ethically.

Reporting a Vulnerability in this repository

If you find a security issue in the lab tooling or automation itself (not in the target software, which is intentionally vulnerable), please report it privately:

  1. Open a GitHub Security Advisory (preferred), or
  2. Email the maintainer via the address on the GitHub profile.

Please include: affected file/component, reproduction steps, and impact.

Response target within 5 business days
Fix target severity-dependent; tracked in CHANGELOG.md
Coordinated disclosure supported and appreciated

Please do not open public issues for security-tooling vulnerabilities until they have been addressed.

Supported Versions

The latest tagged release (see Releases) receives fixes. Labs pin the specific vulnerable versions of target software by design and are not "upgraded" — that is the point of the reproduction.

There aren't any published security advisories