Johns Hopkins University
Stars
Original Proof-of-Concepts for React2Shell CVE-2025-55182
Statistics of acceptance rate for the top conferences: Oakland, CCS, USENIX Security, NDSS.
Coverage-guided, in-process fuzzing for Node.js
Coverage-guided fuzz testing for JavaScript
A simple pip-installable Python tool to generate your own HTML citation world map from your Google Scholar ID.
XSS payloads for exploiting Markdown syntax
Eclipse Theia is a cloud & desktop IDE framework implemented in TypeScript.
A collection of client-side libraries with HTML injection vulnerabilities and DOM clobbering gadgets.
TheHulk is a dynamic analysis tool designed to detect and exploit DOM Clobbering vulnerabilities.
A Python library for classifying the type of the git repo based on the README.md file
A curated list of awesome resources about LLM supply chain security (including papers, security reports and CVEs)
Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
A markdown parser and compiler. Built for speed.
OSS-Fuzz - continuous fuzzing for open source software.
A curated list of awesome resources about Electron.js (in)security
The Markdown-based note-taking app that doesn't suck.
Collection of manifest files for 100k Chrome extensions
A continuously updated collection of CodeLLM papers maintained by PurCL group @ Purdue
A glossy Matrix collaboration client for desktop.
Files is a single-file PHP application that can be dropped into any directory, allowing browsing of files and directories inside.
Take over macOS Electron apps' TCC permissions
Inspectron: A dynamic analysis tool that uses an instrumented version of the Electron framework to audit cross-platform apps.