This repository primarily houses my collection of old and occasional new findings related to CVEs and their references. Around 99% of these discoveries stem from personal endeavors outside of my professional commitments, though there may be occasional overlap.
Whenever I come across vulnerabilities in newer software or relatively recent releases, I strive to inform the respective project owners. Many times I get no response after multiple emails.
In cases where the software is several years old or has reached its end-of-life stage, I make it a point to verify newer versions before sharing my findings. For software versions that are considerably aged or belong to end-of-life software, I simply document and store them here without further action.
verified https://github.com/advisories?query=credit%3A4rdr
reviewed and unreviewed https://github.com/advisories?query=4rdr
https://web.archive.org/web/20250404012750/https://www.getontracks.org/news/
https://github.com/cypht-org/cypht/releases/tag/v2.4.2
https://rouilj.dynamic-dns.net/~rouilj/roundup_docs/docs/acknowledgements.html
https://community.sonarsource.com/t/sonarqube-sql-injection/127390 https://web.archive.org/web/20250427011218/https://community.sonarsource.com/t/sonarqube-sql-injection/127390
CVE-2021-3860 (artifactory)
CVE-2024-41678 (glpi)
CVE-2024-40646 (vertex)
CVE-2025-47929 (dumbdrop)