{"id":29037957,"url":"https://github.com/0xvpr/vpr-labs","last_synced_at":"2025-06-26T13:06:32.172Z","repository":{"id":301079184,"uuid":"1008078163","full_name":"0xvpr/vpr-labs","owner":"0xvpr","description":"Independent Software Research \u0026 Findings","archived":false,"fork":false,"pushed_at":"2025-06-25T03:33:10.000Z","size":4,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-25T03:38:19.678Z","etag":null,"topics":["open-source","security-research","testing","web-application"],"latest_commit_sha":null,"homepage":"https://0xvpr.io/research","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xvpr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-25T02:00:41.000Z","updated_at":"2025-06-25T03:33:13.000Z","dependencies_parsed_at":"2025-06-25T03:38:21.997Z","dependency_job_id":"b6128bc4-3a94-4939-b292-5cd814d39857","html_url":"https://github.com/0xvpr/vpr-labs","commit_stats":null,"previous_names":["0xvpr/vpr-labs"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/0xvpr/vpr-labs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-labs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-labs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-labs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-labs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xvpr","download_url":"https://codeload.github.com/0xvpr/vpr-labs/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xvpr%2Fvpr-labs/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262072808,"owners_count":23254318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["open-source","security-research","testing","web-application"],"created_at":"2025-06-26T13:06:31.748Z","updated_at":"2025-06-26T13:06:32.165Z","avatar_url":"https://github.com/0xvpr.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\" href=\"https://0xvpr.io/research/\"\u003eVPR Labs\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://creativecommons.org/licenses/by-sa/4.0/\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-CC_BY--SA_4.0-44CC11\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003ch3 align=\"center\"\u003eA repository dedicated to Independent security research of various hardware, software, platforms, and technologies.\u003c/h3\u003e\n  \u003cbr\u003e\n\u003c/p\u003e\n\nAll issues discovered by VPR Labs are subject to a 90-days disclosure deadline. After the deadline has passed, a report on a finding(s) is closed by the vendor without resolution, or a patch has been made available (whichever is earlier), the bug report will become visible to the public. As an exception, the timeline can be extended at the vendor’s request.\n\nThis work is licensed under the Createive Commons by ShareAlike - Attribution-ShareAlike 4.0 International License. To view a copy of this license, visit \u003ci\u003ehttps://creativecommons.org/licenses/by-sa/4.0/\u003c/i\u003e.\n\n## Vendors\n#### [IceWhale Tech](./01-IceWhale)\n| Discovered | Reported   | Vendor | Version   | Finding                | Script/PoC                         | CVSS v4 Score | CVSS v4 Metrics                                                 |\n|:----------:|:----------:|:------:|:---------:|:----------------------:|:------------------------------:|:-------------:|:---------------------------------------------------------------:|\n| 2025-04-17 | 2025-05-01 | CasaOS | \u003c= 0.4.15 | Information Disclosure | [VPR-2025-001](./01-IceWhale/VPR-2025-001) | 6.9/10        | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |\n| 2025-04-18 | 2025-05-01 | CasaOS | \u003c= 0.4.15 | File Disclosure        | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10        | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |\n| 2025-04-18 | 2025-05-01 | ZimaOS | \u003c= v1.4.1 | File Disclosure        | [VPR-2025-002](./01-IceWhale/VPR-2025-002) | 6.9/10        | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |\n| 2025-04-18 | 2025-05-01 | CasaOS | \u003c= 0.4.15 | Username Disclosure    | [VPR-2025-003](./01-IceWhale/VPR-2025-003) | 6.9/10        | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N |\n| 2025-04-18 | 2025-05-01 | CasaOS | \u003c= 0.4.15 | Privilege Escalation   | [VPR-2025-004](./01-IceWhale/VPR-2025-004) | 9.3/10        | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |\n| 2025-04-21 | 2025-05-01 | CasaOS | \u003c= 0.4.15 | Arbitrary File Read    | [VPR-2025-005](./01-IceWhale/VPR-2025-005) | 9.3/10        | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |\n| 2025-06-15 | 2025-06-15 | ZimaOS | \u003c= v1.4.1 | Privilege Escalation   | [VPR-2025-006](./01-IceWhale/VPR-2025-006) | 9.3/10        | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |\n| 2025-06-15 | 2025-06-15 | ZimaOS | \u003c= v1.4.1 | Arbitrary File Read    | [VPR-2025-007](./01-IceWhale/VPR-2025-007) | 9.3/10        | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fvpr-labs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xvpr%2Fvpr-labs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xvpr%2Fvpr-labs/lists"}