The Vulnerability History Project


Tags are one of the main ways we organize vulnerabilities in VHP. Tags can be gathered automatically, manually, or with a combination of both. The main types of tags are described below.

Lesson tags are about broader lessons that can be learned from that vulnerability. These are security principles and engineering pitfalls that we believe should be taught to all software engineers.

Discovered tags are about how the vulnerability was originally found.

Lifetime tags indicate how long we believe the vulnerability remained in the system.

CWE, or Common Weakness Enumeration, tags are manually assigned by curators to describe the particular type of vulnerability.

Subsystem tags are the curators' best efforts at determining what part of the system this vulnerability affected.

Project tags are the case study the vulnerability is from.

Language tags are what type of source code was fixed.

Severity tags are based on the CVSS scores published by the NVD. Because the NVD has scored vulnerabilities under both CVSS v2 and CVSS v3, the tag values mix the two vocabularies: Confidentiality, Integrity and Availability Impact values of Partial or Complete come from v2, while Low or High impact values, Scope and Privileges Required come from v3. Compare severity tags only within the same version.

Lesson tags: Changing Owners, Code Refactors, Complex Inputs, Defense in Depth, Distrust Input, Environment Variables, Fix Untested, Frameworks are Optional, Lacked Test, Least Privilege, Native Wrappers, Reverting Codebase, Secure By Default, Security By Obscurity, Serial Killer, Too Many Cooks, You Ain't Gonna Need It

Discovered tags: Discovered Automatically, Discovered Manually, Discovered in Contest, Discovered Externally, Discovered Internally

Lifetime tags: Less than 30 days, 30 to 90 days, 90 to 180 days, 180 days to 1 year, 1 to 2 years, 2 to 5 years, 5+ years

Project tags: Chromium, Django, FFmpeg, HTTPD, Linux Kernel, Struts, systemd, Tomcat

Language tags: C, C++, Java, Javascript, Python

Severity tags (CVSS metrics):
- Attack Vector - Network, Adjacent Network, Local, Physical
- Attack Complexity - Low, Medium, High
- Privileges Required - None, Low, High
- User Interaction - None, Required
- Scope - Unchanged, Changed
- Confidentiality Impact - Low, High, Partial, Complete
- Integrity Impact - Low, High, Partial, Complete
- Availability Impact - Low, High, Partial, Complete

Subsystem tags, by project:
- Chromium: appcache, audio, autofill, base, blink, blink svg, browser, cc, chrome, clipboard, common, content, devtools, dom, downloads, extensions, ffmpeg, frame, gpu, harfbuzz, internals, libxml, media, navigation, net, network, omnibox, openjpeg, parser, pdf, pdfium, permissions, plugins, renderer, renderer_host, safebrowsing, serviceworker, sfntly, skia, speech, ssl, storage, svg, tab_contents, third_party, translate, ui, v8, video, views, web_contents, webcore, webdata, webgl, webkit, websockets, workers
- Django: admin, auth, authentication, backends, contrib, files, forms, http, middleware, models, sessions, urls, utils, views, xml_parsers
- FFmpeg: avcodec, avfilter, avformat, libavcodec
- HTTPD: cache, core, http, http2, mod_ssl, proxy, server, ssl
- Linux Kernel: arch, bluetooth, bpf, btrfs, crypto, drivers, fs, kvm, lib, net, usb
- Struts: interceptor, mapper, ognl, validator, xwork, xwork core, xwork2
- systemd: core, dbus, journald, polkit, resolve, shared, systemd-journald, vconsole
- Tomcat: authenticator, catalina

Other tags (not described above): Bounty Awarded, Dependency Issue, Discussion: Any, Discussion: Security, Fix: Big, Fix: Small, Forgotten Check, i18n, Not Auto Discoverable, Order of Operations, Sandbox, Specification, Stacktrace: Any, Stacktrace: With Fix, Util, VCC, Vouch

CWE tags:
- CWE-16: Configuration
- CWE-19: Data Processing Errors
- CWE-20: Improper Input Validation
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
- CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-116: Improper Encoding or Escaping of Output
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-121: Stack-based Buffer Overflow
- CWE-122: Heap-based Buffer Overflow
- CWE-125: Out-of-bounds Read
- CWE-126: Buffer Over-read
- CWE-129: Improper Validation of Array Index
- CWE-131: Incorrect Calculation of Buffer Size
- CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
- CWE-159: Improper Handling of Invalid Use of Special Elements
- CWE-183: Permissive List of Allowed Inputs
- CWE-184: Incomplete List of Disallowed Inputs
- CWE-185: Incorrect Regular Expression
- CWE-189: Numeric Errors
- CWE-190: Integer Overflow or Wraparound
- CWE-193: Off-by-one Error
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-201: Insertion of Sensitive Information Into Sent Data
- CWE-203: Observable Discrepancy
- CWE-209: Generation of Error Message Containing Sensitive Information
- CWE-250: Execution with Unnecessary Privileges
- CWE-252: Unchecked Return Value
- CWE-254: 7PK - Security Features
- CWE-255: Credentials Management Errors
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-266: Incorrect Privilege Assignment
- CWE-267: Privilege Defined With Unsafe Actions
- CWE-269: Improper Privilege Management
- CWE-276: Incorrect Default Permissions
- CWE-279: Incorrect Execution-Assigned Permissions
- CWE-281: Improper Preservation of Permissions
- CWE-284: Improper Access Control
- CWE-285: Improper Authorization
- CWE-287: Improper Authentication
- CWE-290: Authentication Bypass by Spoofing
- CWE-294: Authentication Bypass by Capture-replay
- CWE-295: Improper Certificate Validation
- CWE-297: Improper Validation of Certificate with Host Mismatch
- CWE-303: Incorrect Implementation of Authentication Algorithm
- CWE-310: Cryptographic Issues
- CWE-311: Missing Encryption of Sensitive Data
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-330: Use of Insufficiently Random Values
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-346: Origin Validation Error
- CWE-347: Improper Verification of Cryptographic Signature
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-354: Improper Validation of Integrity Check Value
- CWE-358: Improperly Implemented Security Check for Standard
- CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
- CWE-361: 7PK - Time and State
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-366: Race Condition within a Thread
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
- CWE-384: Session Fixation
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
- CWE-404: Improper Resource Shutdown or Release
- CWE-415: Double Free
- CWE-416: Use After Free
- CWE-426: Untrusted Search Path
- CWE-434: Unrestricted Upload of File with Dangerous Type
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
- CWE-451: User Interface (UI) Misrepresentation of Critical Information
- CWE-456: Missing Initialization of a Variable
- CWE-457: Use of Uninitialized Variable
- CWE-459: Incomplete Cleanup
- CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
- CWE-476: NULL Pointer Dereference
- CWE-488: Exposure of Data Element to Wrong Session
- CWE-502: Deserialization of Untrusted Data
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
- CWE-606: Unchecked Input for Loop Condition
- CWE-617: Reachable Assertion
- CWE-641: Improper Restriction of Names for Files and Other Resources
- CWE-644: Improper Neutralization of HTTP Headers for Scripting Syntax
- CWE-653: Improper Isolation or Compartmentalization
- CWE-664: Improper Control of a Resource Through its Lifetime
- CWE-665: Improper Initialization
- CWE-667: Improper Locking
- CWE-668: Exposure of Resource to Wrong Sphere
- CWE-680: Integer Overflow to Buffer Overflow
- CWE-681: Incorrect Conversion between Numeric Types
- CWE-682: Incorrect Calculation
- CWE-697: Incorrect Comparison
- CWE-703: Improper Check or Handling of Exceptional Conditions
- CWE-704: Incorrect Type Conversion or Cast
- CWE-707: Improper Neutralization
- CWE-732: Incorrect Permission Assignment for Critical Resource
- CWE-749: Exposed Dangerous Method or Function
- CWE-754: Improper Check for Unusual or Exceptional Conditions
- CWE-755: Improper Handling of Exceptional Conditions
- CWE-763: Release of Invalid Pointer or Reference
- CWE-770: Allocation of Resources Without Limits or Throttling
- CWE-787: Out-of-bounds Write
- CWE-789: Memory Allocation with Excessive Size Value
- CWE-791: Incomplete Filtering of Special Elements
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
- CWE-824: Access of Uninitialized Pointer
- CWE-825: Expired Pointer Dereference
- CWE-834: Excessive Iteration
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
- CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
- CWE-862: Missing Authorization
- CWE-863: Incorrect Authorization
- CWE-908: Use of Uninitialized Resource
- CWE-909: Missing Initialization of Resource
- CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
- CWE-1284: Improper Validation of Specified Quantity in Input

On the live tag cloud, tags are sized by the number of times they have been applied. Tags applied to zero or one vulnerability are not shown.

What is a VCC?

A **Vulnerability-Contributing Commit** is the change to source code that is likely the origin of a vulnerability. Finding a VCC is our attempt at finding the original mistake that was made... and missed... that led to a vulnerability. Full Article

Let's Just Undo That

A revert is when a commit is reversed, indicating that developers have decided to roll back changes that were originally approved and integrated into the system. Full Article

Beware of complex inputs

Don't just think about code complexity, think about *input* complexity. Full Article

Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems. Full Article
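The size arithmetic behind that warning, as an added C example (not code from VHP or from any of the case-study projects). It assumes a made-up record format, a 4-byte little-endian length followed by that many payload bytes, and both sample records are constructed here for the demonstration. The naive functions show how a length field that is too large to be real turns into a tiny allocation (CWE-190 feeding CWE-680); the checked versions refuse any size that does not fit in the input or in the arithmetic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Naive: room for the payload plus a NUL terminator, computed in uint32_t.
   When len == UINT32_MAX the addition wraps to 0, so malloc(0) succeeds and
   the subsequent copy of len bytes overruns the heap (CWE-190 -> CWE-680). */
uint32_t naive_copy_size(uint32_t len) {
    return len + 1;
}

/* Naive: array of count elements, count * elem_size wraps silently. */
size_t naive_array_size(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Hardened: the length must be backed by bytes actually present in the
   input, and the +1 is done in size_t and guarded against wrapping.
   Returns 1 and stores the size in *out, or 0 if the record is rejected. */
int checked_copy_size(const uint8_t *buf, size_t buflen, size_t *out) {
    if (buflen < 4) return 0;
    uint32_t len = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8) |
                   ((uint32_t)buf[2] << 16) | ((uint32_t)buf[3] << 24);
    if ((size_t)len > buflen - 4) return 0;      /* payload not in input */
    if ((size_t)len > SIZE_MAX - 1) return 0;    /* +1 would wrap */
    *out = (size_t)len + 1;
    return 1;
}

/* Hardened: reject count * elem_size when the product would exceed SIZE_MAX. */
int checked_array_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return 0;
    *out = count * elem_size;
    return 1;
}

/* Constructed sample records (not real data): an honest 3-byte payload and
   a record whose length field claims 4 GiB but carries 2 bytes. */
static const uint8_t HONEST_RECORD[] = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
static const uint8_t BOGUS_RECORD[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b' };

/* Convenience wrappers: the checked size, or 0 when the request is refused. */
size_t record_copy_size_or_zero(const uint8_t *buf, size_t buflen) {
    size_t n;
    return checked_copy_size(buf, buflen, &n) ? n : 0;
}

size_t array_size_or_zero(size_t count, size_t elem_size) {
    size_t n;
    return checked_array_size(count, elem_size, &n) ? n : 0;
}

int main(void) {
    printf("naive copy size for len=UINT32_MAX: %u (malloc would get 0)\n",
           (unsigned)naive_copy_size(UINT32_MAX));
    printf("naive array size for (SIZE_MAX/4+2) x 4: %zu\n",
           naive_array_size(SIZE_MAX / 4 + 2, 4));
    printf("checked honest record: %zu bytes\n",
           record_copy_size_or_zero(HONEST_RECORD, sizeof HONEST_RECORD));
    printf("checked bogus record:  %zu (0 = rejected)\n",
           record_copy_size_or_zero(BOGUS_RECORD, sizeof BOGUS_RECORD));
    return 0;
}
```

The bounds check against the input length is the one that matters most in practice: a declared size that cannot be backed by bytes you actually received is wrong regardless of whether the arithmetic wraps, and rejecting it early also stops the allocation-size class of bugs (CWE-789) on the same path.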