Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/fluidattacks/awesome-cvelabs
A list of all awesome CVELabs
https://github.com/fluidattacks/awesome-cvelabs
List: awesome-cvelabs
awesome awesome-lists cve cvelabs list research-teams
Last synced: about 1 month ago
JSON representation
A list of all awesome CVELabs
- Host: GitHub
- URL: https://github.com/fluidattacks/awesome-cvelabs
- Owner: fluidattacks
- License: mit
- Created: 2023-08-02T19:08:23.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-08-22T20:53:47.000Z (4 months ago)
- Last Synced: 2024-11-12T11:02:08.637Z (about 1 month ago)
- Topics: awesome, awesome-lists, cve, cvelabs, list, research-teams
- Language: Python
- Homepage: https://github.com/fluidattacks/awesome-cvelabs
- Size: 194 KB
- Stars: 15
- Watchers: 5
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- ultimate-awesome - awesome-cvelabs - A list of all awesome CVELabs. (Other Lists / Monkey C Lists)
README
# awesome-cvelabs
A list of all awesome CVELabs
## Criteria
An awesome CVELabs is an independent team that:
* Finds vulnerabilities without profiting economically (excludes bounty programs)
* Is not a hub CNA (like [Zero Day Initiative](https://www.zerodayinitiative.com/))
* Is not a vendor CNAs (vendors that index CVEs of his own products)
* Researchers that found CVEs work on the team
## Hall of fame
* Quantity: FortiGuard
* Productivity: FortiGuard
* Activity (opposite to Inactivity, with the most recent "Last" parameter): NCC Group
* Diversity (opposite to Concentration, with the oldest "First" parameter): Synacktiv
* Oldest: Sec Consult
* Fertility: Positive Technologies
## Columns
* (A)dvisories: Total Advisories
* (Q)uantity: Total CVEs
* (M)onths: Last CVE - First CVE
* (P)roductivity: Total CVE / Months (CVE per month)
* (V)endors: Unique vendors over CVE
* (C)oncentration: Total CVE / Vendors (CVE per vendor)
* (I)nactivity: Today - Last CVE (months since last CVE)
* (R)esearchers: Unique researchers over CVE
* (F)ertility: Total CVE / Researchers
## Labs
Descendent order according to CVE column:
| # | Lab | A | Q | First | Last | M | P | V | C | I | R | F |
| --- | ------------------------------------------------------------------- | --- | --- | ------------ | ------------ | --- | --- | --- | --- | --- | --- | --- |
| 1 | [FortiGuard (Fortinet)](https://www.fortiguard.com/zeroday) | 905 | 905 | 19/09/23 | 23/03/21 | 41 | 22.0| 179 | 5.0 | 7 | - | - |
| 2 | [Source Incite](https://srcincite.io/advisories/) |1515| 854 | 15/04/16 | 23/08/30 |100 | 8.5 | 30 | 28.4| 3 | 13 | 65.6|
| 3 | [Tenable](https://www.tenable.com/security/research) |486 | 777 | 06/07/11 | 23/11/15 |208 | 3.4 | 135 | 5.3 | 0 | - | - |
| 4 | [Google Project Zero](https://bugs.chromium.org/p/project-zero/issues/list) | | 700 | 14/03/11 | 23/06/01 |112 | 6.2 | 60 |11.6| 5 | 33 | 21.2|
| 5 | [Claroty](https://claroty.com/team82/disclosure-dashboard) | 525 | 525 | 18/05/06 | 23/11/07 | 63 | 8.3 | 101 | 5.1 | 0 | - | - |
| 6 | [NCC Group](https://research.nccgroup.com/category/technical-advisories/) |219 | 379 | 06/02/03 | 23/10/31 |212 | 1.6 | 80 | 4.1 | 1 | 50 | 7.0 |
| 7 | [Core Security](https://www.coresecurity.com/core-labs/advisories) | 260 | 352 | 16/05/18 | 22/02/01 | 69 | 5.1 | 90 | 3.9 | 19 | 33 | 10.6|
| 8 | [Sec Consult](https://sec-consult.com/vulnerability-lab/) |15 | 274 | 03/02/28 | 23/10/05 |247 | 1.1 | 84 | 3.3 | 1 | - | - |
| 9 | [Fluid Attacks](https://fluidattacks.com/advisories/) | 155 | 260 | 20/12/15 | 24/01/03 | 35 | 7.0 | 82 | 3.8 | 0 | 10 | 27.4|
| 10 | [Positive Technologies](https://www.ptsecurity.com/ww-en/analytics/threatscape/) |471 | 256 | 09/03/04 | 22/12/03 | 137 | 1.5 | 133 | 1.8 | 20 | 1 | 249.0|
| 11 | [Trustwave - SpiderLabs](https://www.trustwave.com/en-us/resources/security-resources/security-advisories/) |195 | 225 | 09/05/19 | 23/11/07 |125 | 1.2 | 120 | 1.7 | 0 | 60 | 3.5 |
| 12 | [Withsecure](https://labs.withsecure.com/advisories/) | 211 | 170 | 06/11/28 | 23/10/26 |202 | 0.8 | 73 | 1.7 | 1 | - | - |
| 13 | [Flashback](https://www.flashback.sh/) | | 165 | 13/08/01 | 23/06/23 |107 | 1.5 | 30 | 5.5 | 5 | 2 | 82.5|
| 14 | [Bishopfox](https://bishopfox.com/blog/advisories) | 72 | 159 | 05/12/07 | 23/07/20 |211 | 0.7 | 44 | 3.4 | 4 | 42 | 3.5 |
| 15 | [Mandiant](https://github.com/mandiant/Vulnerability-Disclosures) | 114 | 134 | 19/09/20 | 23/11/03 | 72 | 1.8 | 26 | 4.4 | 0 | 27 | 4.2 |
| 16 | [Synacktiv](https://www.synacktiv.com/en/advisories) |419 | 130 | 10/04/27 | 23/10/31 |163 | 0.6 | 52 | 2.9 | 1 | 42 | 3.6 |
| 17 | [Qualys](https://www.qualys.com/research/security-advisories/) | 68 | 128 | 12/05/04 | 23/10/03 |138 | 0.8 | 41 | 2.8 | 1 | - | - |
| 18 | [CyberArk](https://labs.cyberark.com/cyberark-labs-security-advisories/) | 12 | 124 | 18/11/07 | 22/10/02 | 47 | 2.6 | 55 | 2.2 | 12 | 22 | 5.6 |
| 19 | [JFrog](https://research.jfrog.com/) | 117 | 117 | 19/02/05 | 23/11/14 | 55 | 2.1 | 56 | 2.0 | 0 | 7 | 16.2|
| 20 | [Starlabs](https://starlabs.sg/advisories) |126 | 110 | 18/11/27 | 23/11/01 | 56 | 1.9 | 24 | 4.4 | 0 | 13 | 8.1 |
| 21 | [Nozomi Networks](https://www.nozominetworks.com/vulnerability-advisories) | 201 | 100 | 22/05/17 | 23/10/30 | 77 | 1.2 | 8 | 5.6 | 1 | - | - |
| 22 | [Ioactive](https://ioactive.com/resources/disclosures/) |68 | 80 | 07/03/26 | 21/07/08 |172 | 0.4 | 46 | 1.7 | 30 | 45 | 1.7 |
| 23 | [Integrity Labs](https://labs.integrity.pt/advisories/) |66 | 62 | 13/07/09 | 23/10/23 |123 | 0.4 | 30 | 2.3 | 1 | 18 | 4.0 |
| 24 | [SentinelOne](https://www.sentinelone.com/labs/our-cves/) | 114 | 57 | 16/03/24 | 22/05/05 | 74 | 0.7 | 25 | 2.2 | 19 | 5 | 11.4|
| 25 | [Sonarsource](https://www.sonarsource.com/blog/tag/security/) | 57 | 43 | 21/04/26 | 23/10/17 | 30 | 1.7 | 23 | 1.8 | 1 | 9 | 4.7 |
| 26 | [Orange Cyberdefense](https://github.com/Orange-Cyberdefense/CVE-repository) | 43 | 43 | 19/07/28 | 23/11/06 | 63 | 0.6 | 26 | 1.5 | 0 | 18 | 2.1 |
| 27 | [Secpod](https://www.secpod.com/blog/category/security-research/) | 54 | 41 | 10/08/05 | 15/06/18 | 59 | 0.7 | 35 | 1.1 | 97 | 8 | 5.1 |
| 28 | [Safe Breach](https://www.safebreach.com/cve-discoveries/) | 13 | 39 | 19/06/19 | 23/04/21 | 45 | 0.9 | 25 | 1.6 | 6 | - | - |
| 29 | [Census Labs](https://census-labs.com/news/category/advisories/) | 31 | 38 | 09/01/21 | 23/11/08 |167 | 0.2 | 24 | 1.5 | 0 | 15 | 2.4 |
| 30 | [Versprite](https://versprite.com/advisories/) |41 | 35 | 17/12/20 | 21/04/23 | 40 | 0.9 | 25 | 1.4 | 32 | - | - |
| 31 | [SecureWorks (Dell)](https://www.secureworks.com/research/#resource-type=Advisory) | 38 | 34 | 09/11/11 | 18/12/20 |109 | 0.3 | 21 | 1.6 | 59 | 14 | 2.4 |
| 32 | [Vulncheck](https://vulncheck.com/advisories) | 29 | 29 | 22/10/14 | 2023/10/10 |12 | 2.4 | 16 | 1.3 | 1 | - | - |
| 33 | [Horizon3.ai](https://www.horizon3.ai/red-team-blog/#disclosures) | 10 | 27 | 21/01/05 | 23/02/14 | 25 | 1.0 | 8 | 3.3 | 8 | 5 | 5.4 |
| 34 | [Portcullis Labs](https://labs.portcullis.co.uk/advisories/) | 25 | 25 | 17/07/19 | 19/10/30 | 28 | 1.2 | 10 | 2.5 | 48 | - | - |
| 35 | [Patchstack](https://patchstack.com/category/security-advisories/) |18 | 20 | 23/01/24 | 23/11/15 | 10 | 4.3 | 42 | 0.8 | 9 | - | - |
| 36 | [Assetnote](https://www.assetnote.io/resources/research) | 16 | 20 | 21/11/02 | 23/10/04 |23 | 0.7 | 14 | 1.0 | 1 | 2 | 7.5 |
| 37 | [Cipher Labs](https://labs.cipher.com/projects/vulnerability-research/index.html) | 24 | 19 | 11/11/22 | 2019/02/20 | 81 | 0.2 | 18 | 1.3 | 57 | 1 | 24.0|
| 38 | [Nettitude](https://labs.nettitude.com/category/blog/advisories/) | 12 | 17 | 17/11/28 | 23/01/04 |61 | 0.2 | 11 | 1.1 | 9 | 8 | 1.6 |
| 39 | [WatchTowr Labs](https://labs.watchtowr.com/) | 14 | 14 | 22/07/01 | 23/06/13 |11 | 1.3 | 10 | 1.4 | 5 | 4 | 3.5 |
| 40 | [Yoroi](https://yoroi.company/research/) | 7 | 12 | 22/11/02 | 23/04/24 | 14 | 0.8 | 3 | 4.0 | 6 | 2 | 6.0 |
| 41 | [Synopsys](https://www.synopsys.com/blogs/software-security/tag/cybersecurity-research-center/) | 23 | 6 | 23/01/31 | 23/08/15 | 8 | 0.9 | 5 | 1.2 | 9 | 6 | 1.0 |
| 42 | [Oxeye](https://www.oxeye.io/resources-category/research) | 5 | 6 | 22/07/28 | 23/08/22 | 13 | 0.7 | 4 | 1.5 | 3 | 2 | 3.0 |
| 43 | [SSD Labs](https://ssd-disclosure.com/advisories/) | 5 | 5 | 22/07/27 | 23/04/03 | 9 | 0.3 | 3 | 1.6 | 6 | 2 | 2.5 |
| 44 | [Viettel Cyber Security](https://blog.viettelcybersecurity.com/tag/researches/) | 4 | 4 | 22/03/23 | 23/06/16 | 15 | 0.3 | 4 | 1.0 | 5 | 7 | 0.5 |
| 45 | [Wiz](https://www.wiz.io/blog/tag/research) | 2 | 4 | 21/09/14 | 23/07/27 | 1 | 2.0 | 2 | 2.0 | 4 | 2 | 2.0 |
| 46 | [Securitum](https://research.securitum.com/) | 2 | 2 | 16/06/14 | 20/02/12 | 44 | 0.1 | 2 | 1.0 | 42 | 1 | 2.0 |
| 47 | [Legit Security](https://www.legitsecurity.com/) | 1 | 1 | 23/02/14 | 23/02/14 | 1 | 1.0 | 1 | 1.0 | 8 | 1 | 1.0 |
* (-) Not applicable: Poorly structured researcher records
* ( ) Blank space: Researcher pending or not available at the moment
## Discarded
* https://www.3ds.com/vulnerability/advisories: Credits to researchers outside of the organization / NOT_A_LAB_IS_AN_INDEX
* https://www.trellix.com/: The data is not structured correctly / UNSTRUCTURED_DATA