This repository details vulnerabilities disclosed by Mandiant. These vulnerabilities were discovered by internal research, through Red Team assessments, or in use in the wild. Proof of concepts (PoCs) may or may not be provided.
The following licenses/licensing apply to this Mandiant repository:
- CC BY-SA 4.0 - For CVE related information not including source code (such as PoCs)
- MIT - For source code contained within provided CVE information
Mandiant coordinates and handles Vulnerability Disclosures in accordance with Google's Vulnerability Disclosure Policy.
Mandiant's CVE Numbering Authority (CNA) Scope: Vulnerabilities within Mandiant code, and vulnerabilities in third-party software discovered by Mandiant that are not in another CNA's scope.