research notes
All notes
Vulnerability research published after vendor coordination and patch availability.
MERGED
Ray runtime_env zip extraction hardening
Open-source hardening contribution that improved Ray's runtime_env zip extraction path validation through upstream PR #63786.
Status: Merged
Category: OSS
Detail: PR #63786
CVE-2026-48020
Traefik StripPrefix route-level auth bypass
Public note for a path normalization issue in Traefik where StripPrefix middleware could affect route-level authorization boundaries.
Status: Patched / Public
Severity: High
Detail: GHSA-xf64-8mw2-4gr2
WITHHELD
Access control boundary issue
Public placeholder for a Broken Access Control finding. Vendor and product details remain withheld.
Status: Patch in progress
Category: Web
Detail: Withheld