Skip to content
View dellalibera's full-sized avatar
🎯
Focusing
🎯
Focusing
  • Switzerland

Block or report dellalibera

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
dellalibera/README.md

Hi there, I’m Alessio 👋

Summary


Blogs


CTF Challenges


Security Advisories

# Reference Vulnerability Project Language
107 GHSA-pf56-h9qf-rxq4 Stored Cross-Site Scripting (XSS) @saltcorn/server JavaScript
106 CVE-2024-47818 Path Traversal @saltcorn/server JavaScript
105 GHSA-78p3-fwcq-62c2 RCE/SQLi via Prototype Pollution @saltcorn/server JavaScript
104 GHSA-fm76-w8jw-xf8m Remote Code Execution (RCE) @saltcorn/plugins-loader JavaScript
103 GHSA-277h-px4m-62q8 Path Traversal @saltcorn/server JavaScript
102 GHSA-cfqx-f43m-vfh7 Exposure of Information Through Directory Listing @saltcorn/server JavaScript
101 CVE-2024-21526 Denial of Service (DoS) speaker JavaScript
100 CVE-2024-21525 Buffer Overflow node-twain JavaScript
99 CVE-2024-21524 Out-of-bounds Read node-stringbuilder JavaScript
98 CVE-2024-21523 Denial of Service (DoS) images JavaScript
97 CVE-2024-21522 Improper Validation of Array Index audify JavaScript
96 CVE-2024-21521 Denial of Service (DoS) @discordjs/opus JavaScript
95 CVE-2024-3817 Command Injection hashicorp/go-getter Go
94 CVE-2023-26148 CRLF Injection libhv C/C++
93 CVE-2023-26147 HTTP Response Splitting libhv C/C++
92 CVE-2023-26146 Cross-Site Scripting (XSS) libhv C/C++
91 CVE-2023-26142 HTTP Response Splitting Crow C/C++
90 CVE-2023-26138 CRLF Injection drogon C/C++
89 CVE-2023-26137 HTTP Response Splitting drogon C/C++
88 CVE-2022-25883 Regular Expression Denial of Service (ReDoS) semver JavaScript
87 CVE-2023-26131 Cross-Site Scripting (XSS) xyproto/algernon Go
86 CVE-2023-26130 CRLF Injection cpp-httplib C/C++
85 Link Cross-Site Scripting (XSS) grafana/grafana-json-datasource JavaScript
84 CVE-2023-26103 Regular Expression Denial of Service (ReDoS) deno Rust
83 CVE-2023-0040 CRLF Injection async-http-client Swift
82 CVE-2022-3918 CRLF Injection apple/swift-corelibs-foundation Swift
81 CVE-2022-3215 HTTP Response Splitting apple/swift-nio Swift
80 CVE-2022-24065 Command Injection cookiecutter Python
79 CVE-2022-26945 Command Injection hashicorp/go-getter Go
78 CVE-2022-25878 Prototype Pollution protobufjs JavaScript
77 CVE-2022-25865 Command Injection workspace-tools JavaScript
76 CVE-2022-21190 Prototype Pollution convict JavaScript
75 CVE-2022-29184 Remote Code Execution (RCE) gocd Java
74 CVE-2022-21189 Prototype Pollution dexie JavaScript
73 CVE-2022-25303 Cross-Site Scripting (XSS) whoogle-search Python
72 CVE-2022-25866 Command Injection czproject/git-php PHP
71 CVE-2022-25648 Command Injection git Ruby
70 CVE-2022-25766 Remote Code Execution (RCE) ungit JavaScript
69 CVE-2022-24440 Command Injection cocoapods-downloader Ruby
68 CVE-2022-24433 Command Injection simple-git JavaScript
67 CVE-2022-23915 Remote Code Execution (RCE) Weblate Python
66 CVE-2022-21803 Prototype Pollution nconf JavaScript
65 CVE-2022-21235 Command Injection Masterminds/vcs Go
64 CVE-2022-21223 Command Injection cocoapods-downloader Ruby
63 CVE-2022-21187 Command Injection libvcs Python
62 Link Remote Code Execution (RCE) mozilla/pontoon Python
61 CVE-2021-23820 Prototype Pollution json-pointer JavaScript
60 CVE-2021-23807 Prototype Pollution jsonpointer JavaScript
59 CVE-2021-23784 Cross-Site Scripting (XSS) tempura JavaScript
58 CVE-2021-23682 Prototype Pollution litespeed.js JavaScript
58 CVE-2021-23682 Prototype Pollution appwrite/server-ce JavaScript
57 CVE-2021-23624 Prototype Pollution dotty JavaScript
56 CVE-2021-23597 Denial of Service (DoS) fastify-multipart JavaScript
55 CVE-2021-23509 Prototype Pollution json-ptr JavaScript
54 CVE-2021-23472 Cross-Site Scripting (XSS) bootstrap-table JavaScript
53 CVE-2021-23447 Cross-Site Scripting (XSS) teddy JavaScript
52 CVE-2021-23445 Cross-Site Scripting (XSS) datatables.net JavaScript
51 CVE-2021-23444 Prototype Pollution jointjs JavaScript
50 CVE-2021-23443 Cross-Site Scripting (XSS) edge.js JavaScript
49 CVE-2021-23440 Prototype Pollution set-value JavaScript
48 CVE-2021-23438 Prototype Pollution mpath JavaScript
47 CVE-2021-23436 Prototype Pollution immer JavaScript
46 CVE-2021-23434 Prototype Pollution object-path JavaScript
45 CVE-2021-23390 Arbitrary Code Execution total4 JavaScript
44 CVE-2021-23389 Arbitrary Code Execution total.js JavaScript
43 CVE-2021-23358 Arbitrary Code Execution underscore JavaScript
42 CVE-2021-23352 Command Injection madge JavaScript
41 CVE-2021-23335 LDAP Injection is-user-valid JavaScript
40 CVE-2020-8186 Command Injection devcert JavaScript
39 CVE-2020-7792 Prototype Pollution mout JavaScript
38 CVE-2020-7789 Command Injection node-notifier JavaScript
37 CVE-2020-7777 Arbitrary Code Execution jsen JavaScript
36 CVE-2020-7772 Prototype Pollution doc-path JavaScript
35 CVE-2020-7770 Prototype Pollution json8 JavaScript
34 CVE-2020-7766 Prototype Pollution json-ptr JavaScript
33 CVE-2020-7746 Prototype Pollution chart.js JavaScript
32 CVE-2020-7743 Prototype Pollution mathjs JavaScript
31 CVE-2020-7742 Prototype Pollution simpl-schema JavaScript
30 CVE-2020-28499 Prototype Pollution merge JavaScript
29 CVE-2020-28495 Prototype Pollution total.js JavaScript
28 CVE-2020-28494 Command Injection total.js JavaScript
27 CVE-2020-28480 Prototype Pollution jointjs JavaScript
26 CVE-2020-28478 Prototype Pollution gsap JavaScript
25 CVE-2020-28477 Prototype Pollution immer JavaScript
24 CVE-2020-28464 Arbitrary Code Execution djv JavaScript
23 CVE-2020-28458 Prototype Pollution datatables.net JavaScript
22 CVE-2020-28442 Prototype Pollution js-data JavaScript
21 Snyk Advisory Prototype Pollution style-dictionary JavaScript
20 Snyk Advisory Prototype Pollution highcharts JavaScript
19 Snyk Advisory Prototype Pollution jiff JavaScript
18 Snyk Advisory Prototype Pollution i18next JavaScript
17 Snyk Advisory Unsafe Deserialization props JavaScript
16 HackerOne Report Prototype Pollution @firebase/util JavaScript
15 HackerOne Report LDAP Injection meemo-app JavaScript
14 HackerOne Report LDAP Injection cloudron-surfer JavaScript
13 HackerOne Report Command Injection wireguard-wrapper JavaScript
12 HackerOne Report Prototype Pollution plain-object-merge JavaScript
11 HackerOne Report Prototype Pollution extend-merge JavaScript
10 HackerOne Report Command Injection gfc JavaScript
9 HackerOne Report Command Injection diskstats JavaScript
8 HackerOne Report Prototype Pollution objtools JavaScript
7 HackerOne Report Prototype Pollution keyd JavaScript
6 HackerOne Report Cross-Site Scripting (XSS) flsaba JavaScript
5 HackerOne Report Command Injection extra-asciinema JavaScript
4 HackerOne Report Command Injection vboxmanage.js JavaScript
3 HackerOne Report Command Injection extra-ffmpeg JavaScript
2 HackerOne Report Prototype Pollution object-path-set JavaScript
1 HackerOne Report Command Injection xps JavaScript

Public Acknowledgements


Academic Papers

  • Are mHealth Apps Secure? A Case Study. Chiara Braghin, Stelvio Cimato, and Alessio Della Libera. In: 2018 IEEE 42nd Annual Computer Software and Applications Conference, COMPSAC 2018, Tokyo, Japan, 23-27 July 2018, Volume 2. pp. 335-340. doi: 10.1109/COMPSAC.2018.10253

Popular repositories Loading

  1. td-gammon td-gammon Public

    TD-Gammon implementation

    Python 44 13

  2. gym-backgammon gym-backgammon Public

    Backgammon OpenAI Gym

    Python 43 14

  3. titlextractor titlextractor Public

    Extract <title> tag from HTML page

    Go 6 4

  4. thymio-cnn thymio-cnn Public

    Real robot place recognition using Convolutional Neural Network (CNN) and ROS

    Python 1 1

  5. dellalibera.github.io dellalibera.github.io Public

    Personal Blog

    HTML 1

  6. ctf-writeups ctf-writeups Public

    Collection of personal CTF challenges write-ups

    1