The Android Security Team would like to thank the following people and parties for helping to improve Android security. They have done this either by finding and responsibly reporting security vulnerabilities through the AOSP bug tracker Security bug report template or by committing code that has a positive impact on Android security, including code that qualifies for the Patch Rewards program.
December
| Researchers | CVEs |
|---|---|
| Marc Newlin (https://twitter.com/marcnewlin) of (SkySafe) | CVE-2023-45866 |
| Alex Li of Google | CVE-2023-48407 |
| Aman Pandey of bugsmirror | CVE-2023-40079 |
| Andr. Ess | CVE-2023-21267 |
| Atneya Nair of Google | CVE-2023-40096 |
| Benoît Sevens of Google's Threat Analysis Group and Jann Horn of Google Project Zero | CVE-2023-33107 |
| CheolJun Park of KAIST SysSec Lab, Marc Egli (@Spittfires_) of EPFL & KAIST SysSec Lab | CVE-2023-37366 |
| Diego Zavala of Google | CVE-2023-40076 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-48456, CVE-2022-48461 |
| Guile Chao using MTE | CVE-2023-48420 |
| Jann Horn of Google Project Zero | CVE-2023-4272 |
| Jeong Wook (Matt) Oh of Google | CVE-2023-40078, CVE-2023-40087, CVE-2023-40090, CVE-2023-48402 |
| Joel Voss of Google | CVE-2023-48406 |
| Lewei Qu(曲乐炜) | CVE-2022-48454, CVE-2022-48455, CVE-2022-48457, CVE-2022-48458, CVE-2022-48459 |
| lovepink | CVE-2023-22383, CVE-2023-48412 |
| luckyrb | CVE-2023-33063 |
| Marcel Busch (@0ddc0de) and Philipp Mao of EPFL | CVE-2023-32848 |
| Matthew Daley | CVE-2023-40094 |
| Michał Bednarski (michalbednarski) | CVE-2023-45777 |
| Mitch Phillips using GWP-ASan | CVE-2023-40103 |
| Pierre-Clément Tosi of Google | CVE-2023-40082 |
| Sithi | CVE-2023-40075 |
| Suhyung Park of Google | CVE-2023-40089 |
| Syzbot | CVE-2023-48414 |
| Tom Hebb from Meta Red Team X | CVE-2023-45779 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2023-45781 |
| Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab | CVE-2023-40083 |
| Xiling Gong of Google | CVE-2023-48409 |
| Xin Zhao of Google | CVE-2023-48421 |
| Xingyu Jin | CVE-2023-21162, CVE-2023-21163, CVE-2023-21164, CVE-2023-21166, CVE-2023-21215, CVE-2023-21216, CVE-2023-21217, CVE-2023-21218, CVE-2023-21227, CVE-2023-21228, CVE-2023-21263, CVE-2023-21401, CVE-2023-21402, CVE-2023-21403, CVE-2023-35690 |
| Yuxiu Zhang (张玉秀) from MultiMedia Engineering Dept. of MediaTek (Beijing) Inc. | CVE-2023-40077 |
| Zhongquan Li @ ADLab of VenusTech and XiLong Zhang (@Resery4) of Xiaomi | CVE-2023-32818 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21634, CVE-2023-40080, CVE-2023-45773 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-32847, CVE-2023-32850, CVE-2023-32851 |
| 开元米粉实力代购 | CVE-2023-35668, CVE-2023-40092, CVE-2023-40095 |
November
| Researchers | CVEs |
|---|---|
| Marcel Busch (@0ddc0de) and Philipp Mao of EPFL | CVE-2023-32834, CVE-2023-32835 |
| Matthew Daley | CVE-2023-40105 |
| Miguel Aranda | CVE-2023-40104 |
| Pawan Wagh | CVE-2023-40115 |
| Seth Jenkins @ Google Project Zero | CVE-2023-32832 |
| Sithi | CVE-2023-21103, CVE-2023-21111 |
| Stephan Zeisberg (@stze) ofSecurity Research Labs | CVE-2023-40112 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-28570 |
| 开元米粉实力代购 | CVE-2023-40109 |
2023
Note: Starting in 2018 and continuing in 2023, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.
October
| Researchers | CVEs |
|---|---|
| @agnostic-apollo | CVE-2023-21309, CVE-2023-40101 |
| Alena Skliarova | CVE-2023-21252, CVE-2023-21348, CVE-2023-21350 |
| Alexander Yukhanov of Google | CVE-2021-39810 |
| Aman Pandey of bugsmirror | CVE-2022-20264, CVE-2022-20531, CVE-2023-21293, CVE-2023-21294, CVE-2023-21295, CVE-2023-21296, CVE-2023-21298, CVE-2023-21299, CVE-2023-21300, CVE-2023-21301, CVE-2023-21303, CVE-2023-21304, CVE-2023-21305, CVE-2023-21306, CVE-2023-21316, CVE-2023-21317, CVE-2023-21318, CVE-2023-21319, CVE-2023-21320, CVE-2023-21321, CVE-2023-21324, CVE-2023-21327, CVE-2023-21328, CVE-2023-21329, CVE-2023-21331, CVE-2023-21332, CVE-2023-21333, CVE-2023-21334, CVE-2023-21335, CVE-2023-21336, CVE-2023-21337, CVE-2023-21338, CVE-2023-21344, CVE-2023-21345, CVE-2023-21346, CVE-2023-21376, CVE-2023-21378, CVE-2023-21391 |
| Andrey Artemiev of Google | CVE-2023-35660 |
| Antonio Ruggia and Simone Aonzo | CVE-2023-21377 |
| Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School | CVE-2023-4863 |
| Azhara Assanova of Google | CVE-2023-21341 |
| Bram Bonné of Google | CVE-2023-21297 |
| Bubb1e | CVE-2023-21253 |
| David Chiang | CVE-2023-3781 |
| Dileep Peethani of Google | CVE-2023-35655 |
| Eric Wei and Elijah Bowman of Accenture | CVE-2023-40117 |
| H3C GuanYu Team ZhongQing Jiang, WenMing Jiang | CVE-2023-21372 |
| Florian Draschbacher, Secure Information Technology Center Austria (A-SIT) and Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology | CVE-2023-21387 |
| Gulshan Singh of Google | CVE-2023-21310, CVE-2023-21380 |
| Ha Lo | CVE-2023-40120 |
| Honor Cyber Security Lab(HCSL) | CVE-2023-21358 |
| hsia.angsh | CVE-2023-21325, CVE-2023-21330 |
| Jeong Wook Oh of Google | CVE-2023-40129 |
| Jeong Wook Oh of Google | CVE-2023-35681 |
| Jiachen Shao of Xiaomi ShadowBlade Security Lab | CVE-2023-40127 |
| Jianliang Wu of PurSec Lab at Purdue University | CVE-2023-21307 |
| JunjiSu (CoinIsMoney) | CVE-2023-21362 |
| Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2023-21347, CVE-2023-21395 |
| Lewei Qu (曲乐炜) | CVE-2023-40638 |
| Lucian and Johnson of OPPO Amber Security Lab | CVE-2023-21326 |
| Lucian of OPPO Amber Security Lab | CVE-2023-21266 |
| Lucian of OPPO Amber Security Lab | CVE-2023-21302, CVE-2023-21349, CVE-2023-21354, CVE-2023-21369 |
| Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent | CVE-2023-21340 |
| Michał Bednarski (michalbednarski) | CVE-2023-21398 |
| Mohammed Anwarullah of Google | CVE-2023-21381 |
| Nevv and SunQing | CVE-2023-20819 |
| Maddie Stone of Google's Threat Analysis Group and Jann Horn of Google Project Zero | CVE-2023-4211 |
| QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab | CVE-2023-40141 |
| Rafał Prymus of Ergonode | CVE-2023-21313 |
| Ronak | CVE-2023-35653 |
| Sergey Toshin (@bagipro) from Oversecured Inc. (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) | CVE-2023-21383 |
| Seth Jenkins of Google Project Zero | CVE-2023-35645 |
| SHIHAB P M | CVE-2023-40142 |
| Sithi | CVE-2023-40125 |
| Vladyslav Kotko | CVE-2023-21382 |
| WeiMin Cheng (@Qi-AnXin) of Tiangong Lab | CVE-2023-40116 |
| wrlu | CVE-2023-40130 |
| Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab | CVE-2023-21315, CVE-2023-21359 |
| Xianfeng Lu (卢先锋) and Yu Qin (秦彧) of OPPO Amber Security Lab | CVE-2023-21357 |
| XiLong Zhang (@Resery4) of Xiaomi | CVE-2023-32819 |
| Xuan Xing (Android Security Assurance Red Team) | CVE-2023-21356, CVE-2023-21366, CVE-2023-21367 |
| Yifei Xie | CVE-2023-32820 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2023-21373, CVE-2023-21388, CVE-2023-21390, CVE-2023-21393 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-40524, CVE-2023-21636, CVE-2023-21360, CVE-2023-21644, CVE-2023-21654, CVE-2023-21655, CVE-2023-21663 |
| 余尘炬 | CVE-2023-21339 |
| 开元米粉实力代购 | CVE-2023-40123 |
| 开元米粉实力代购 | CVE-2023-21312 |
September
| Researchers | CVEs |
|---|---|
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21308, CVE-2023-21371, CVE-2023-21370, CVE-2023-35664 |
| Tiziano Marra | CVE-2023-35671 |
| hluwa of iJiami Technology Co. Ltd | CVE-2023-35676 |
| Hongjian Cao of Ant Security Frontage Lab | CVE-2023-33019, CVE-2023-28584 |
| Hui Peng of Google | CVE-2023-35684 |
| Jeong Wook Oh of Google | CVE-2023-35673 |
| Joshua Steiner | CVE-2023-35677 |
| Peter Park (peterpark) | CVE-2023-28573 |
| Sithi | CVE-2023-35665, CVE-2023-35680 |
| Xuan Xing (Android Security Assurance Red Team) | CVE-2023-35658 |
August
| Researchers | CVEs |
|---|---|
| Alexander Yukhanov of Google | CVE-2023-35689 |
| Andr. Ess | CVE-2023-21267 |
| Bob Beck of Google | CVE-2023-21242 |
| Christopher Menon (https://www.linkedin.com/in/christopher-menon/) | CVE-2023-21235 |
| Edward Cunningham of Google | CVE-2023-21278 |
| Hai Zhang of Google | CVE-2023-21270 |
| Ka Lok Wu and Sze Yiu Chau of The Chinese University of Hong Kong | CVE-2023-20965 |
| lovepink | CVE-2023-21276 |
| Matías Hernández of Google. | CVE-2023-21277 |
| Sergey Toshin (@bagipro) from Oversecured Inc. (https://oversecured.com/) (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) | CVE-2023-21292 |
| Shreya Singh of Google | CVE-2023-21275 |
| WeiMin Cheng@Qi-AnXin Tiangong Lab | CVE-2023-21269 |
| Will Deacon of Google | CVE-2023-21264 |
| Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2023-21282 |
| XiLong Zhang(@Resery4) of Xiaomi security technology group | CVE-2023-20780 |
| Xuan Xing (Android Security Assurance Red Team) | CVE-2023-21273 |
| Yifei Zhang of Google | CVE-2023-21232 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2023-21230, CVE-2023-21231, CVE-2023-21234, CVE-2023-21281 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21627 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21271, CVE-2023-21274 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21647, CVE-2023-21649, CVE-2023-21650, CVE-2023-28555 |
| 开元米粉实力代购 | CVE-2023-21280 |
July
| Researchers | CVEs |
|---|---|
| Akshay Saini | CVE-2023-21262 |
| Alena Skliarova | CVE-2023-21240, CVE-2023-21243 |
| Alexander Yukhanov of Google and Aman Pandey of bugsmirror | CVE-2023-21249 |
| Bedran Karakoc | CVE-2023-21631 |
| Bo Zhang (张波) of Bytedance Wuheng Lab | CVE-2023-20918 |
| Bob Zamani of Google | CVE-2023-20942 |
| Christopher Menon | CVE-2023-21235 |
| Evan Severson of Google | CVE-2023-21254 |
| Guangshuai Xia | CVE-2023-21624 |
| heidada | CVE-2023-24851 |
| Jon Rhodes | CVE-2023-21257 |
| Leon Scroggins of Google | CVE-2023-2136 |
| Sergei Volokitin | CVE-2023-20754 |
| Sithi | CVE-2023-21087 |
| Stefan Toman of Google | CVE-2023-21245 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2023-21641 |
| XiLong Zhang (张熙隆) of Xiaomi security technology group | CVE-2023-20755 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2023-21230, CVE-2023-21231, CVE-2023-21234 |
| Zinuo Han (ele7enxxh) | CVE-2023-21638 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21241, CVE-2023-35694 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21639, CVE-2023-21640 |
June
| Researchers | CVEs |
|---|---|
| Adrian Roos of Google | CVE-2023-21177 |
| Alena Skliarova | CVE-2023-21143 |
| Alpha Lab | CVE-2023-21236 |
| Aman Pandey of bugsmirror | CVE-2023-21185, CVE-2023-21192 |
| Andrey Artemiev of Google | CVE-2023-21146, CVE-2023-21147 |
| Bedran Karakoc | CVE-2022-39901 |
| Benedict Wong of Google | CVE-2023-21184 |
| Binarly efiXplorer Team | CVE-2022-40516, CVE-2022-40517, CVE-2022-40520 |
| CheolJun Park @ KAIST Syssec | CVE-2022-40536 |
| CheolJun Park @ SysSec Lab, KAIST | CVE-2022-40521 |
| Conghui Wang (conghuiwang) | CVE-2023-21656, CVE-2023-21669 |
| Dileep Peethani of Google | CVE-2023-21201 |
| Edward Cunningham of Google | CVE-2023-21183 |
| Eric Biggers of Google | CVE-2023-21178 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-33303, CVE-2022-48438 |
| Hai Shalom of Google | CVE-2023-21027, CVE-2023-21179 |
| Hao Ke (柯昊) of Google Android Malware Research | CVE-2023-21121 |
| Isaac Tackett | CVE-2023-21187 |
| Jann Horn of Google Project Zero | CVE-2023-21670 |
| Joel Voss of Google | CVE-2023-21222 |
| Julia Reynolds of Google | CVE-2023-21191 |
| Keith Mok of Google | CVE-2023-21115 |
| Kevin Sentosa of Google | CVE-2023-21219, CVE-2023-21220 |
| Kyle Cai of Google | CVE-2023-21189 |
| Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2023-20973, CVE-2023-20977, CVE-2023-20980, CVE-2023-20982, CVE-2023-20986, CVE-2023-20990, CVE-2023-20992, CVE-2023-21196, CVE-2023-21200, CVE-2023-21202 |
| Lewei Qu(曲乐炜) | CVE-2022-48390, CVE-2022-48391, CVE-2022-48392 |
| Li Li of Google | CVE-2023-21237 |
| Mitch Phillips using GWP-ASan | CVE-2023-21152 |
| Mohammed Anwarullah of Google | CVE-2023-21031, CVE-2023-21188 |
| Pavan Chavali of Google | CVE-2023-21128, CVE-2023-21225 |
| Peter Park (peterpark) | CVE-2022-33264 |
| Pratheesh P Narayanan | CVE-2023-21144 |
| QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab | CVE-2023-21151 |
| Ray Essick of Google | CVE-2023-21127 |
| Rui Li and Wenrui Diao, Shandong University | CVE-2023-20971 |
| Sithi | CVE-2023-21105 |
| stardesty of HSSL | CVE-2023-21108 |
| videosdebarraquito | CVE-2023-21095 |
| Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2023-21130, CVE-2023-21194 |
| Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab | CVE-2023-20972, CVE-2023-20974, CVE-2023-20981, CVE-2023-20983, CVE-2023-20987, CVE-2023-20988, CVE-2023-20989, CVE-2023-20991, CVE-2023-21174, CVE-2023-21181, CVE-2023-21197, CVE-2023-21199 |
| Xingyu Jin of Google | CVE-2021-0701, CVE-2021-0945 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2023-21122, CVE-2023-21123, CVE-2023-21141, CVE-2023-21142, CVE-2023-21149, CVE-2023-21172, CVE-2023-21173, CVE-2023-21175 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-20968, CVE-2023-20979, CVE-2023-20984, CVE-2023-20985, CVE-2023-21120, CVE-2023-21148, CVE-2023-21150, CVE-2023-21153, CVE-2023-21154, CVE-2023-21155, CVE-2023-21156, CVE-2023-21157, CVE-2023-21158, CVE-2023-21159, CVE-2023-21160, CVE-2023-21161, CVE-2023-21169, CVE-2023-21170, CVE-2023-21182, CVE-2023-21195, CVE-2023-21198, CVE-2023-21203, CVE-2023-21204, CVE-2023-21205, CVE-2023-21206, CVE-2023-21207, CVE-2023-21208, CVE-2023-21209, CVE-2023-21210, CVE-2023-21211, CVE-2023-21212, CVE-2023-21213, CVE-2023-21214 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-33224, CVE-2022-33226, CVE-2022-33227, CVE-2022-33230, CVE-2022-33240, CVE-2022-33263, CVE-2023-21101 |
| 开元米粉实力代购 | CVE-2023-21126, CVE-2023-21131, CVE-2023-21138, CVE-2023-21139 |
May
| Researchers | CVEs |
|---|---|
| Ahmed Ezzat (BitTheByte) | CVE-2022-20338 |
| Ard Biesheuvel of Google | CVE-2023-21102 |
| Bernardo Rufino | CVE-2022-20444 |
| bugreporterca@gmail.com | CVE-2022-46396 |
| Dimitrios Valsamarasof Microsoft | CVE-2021-39617 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-47469, CVE-2022-47470, CVE-2022-47486, CVE-2022-47488 |
| Jann Horn of Google Project Zero | CVE-2023-21665, CVE-2023-21666 |
| Jun Cen (nuaacenjun@126.com) | CVE-2022-33281 |
| Lewei Qu(曲乐炜) | CVE-2022-47487 |
| Michał Bednarski (michalbednarski) | CVE-2023-21104 |
| Mugdha Lakhani of Google | CVE-2023-21117 |
| Ryan Hall and Nik Tsytsarkin from Meta's Red Team X | CVE-2023-20694, CVE-2023-20695, CVE-2023-20696 |
| Ryan Johnson and Mohamed Elsabagh of Quokka | CVE-2023-20726 |
| Sithi | CVE-2023-20930, CVE-2023-21103, CVE-2023-21107, CVE-2023-21111 |
| Xingyu Jin of Google | CVE-2021-0877 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-21112 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-26085 |
April
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2023-21083 |
| Chavi Weingarten of Google | CVE-2023-21094 |
| Lewei Qu(曲乐炜) | CVE-2022-47335, CVE-2022-47336, CVE-2022-47337, CVE-2022-47338 |
| Lucian of OPPO Amber Security Lab | CVE-2023-20655 |
| Michał Bednarski (michalbednarski) | CVE-2023-21092, CVE-2023-21098 |
| Mitch Phillips using GWP-ASan | CVE-2023-21096 |
| Sergei Volokitin | CVE-2022-32599 |
| Shikha Panwar of Google | CVE-2023-21084 |
| Sithi | CVE-2023-21082, CVE-2023-21087, CVE-2023-21091 |
| Szymon Heidrich | CVE-2023-20941 |
| Wu Chen of OPPO Amber Security Lab | CVE-2022-40503 |
| Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab | CVE-2022-20463 |
| Xingyu Jin of Google | CVE-2021-0872, CVE-2021-0873, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0878, CVE-2021-0879, CVE-2021-0880, CVE-2021-0881, CVE-2021-0882, CVE-2021-0883, CVE-2021-0884, CVE-2021-0885 |
| Yu Qin(秦彧) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2022-20471 |
| Zhongquan Li @ ADLab of VenusTech | CVE-2023-20652, CVE-2023-20653, CVE-2023-20654 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-20935, CVE-2023-20967, CVE-2023-21080, CVE-2023-21085 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-33301 |
March
| Researchers | CVEs |
|---|---|
| Abhisek R, OWASP SASTRA University lead [https://twitter.com/abh1sek_r],[https://www.linkedin.com/in/abhisek-r] | CVE-2023-21035 |
| Aman Pandey of bugsmirror | CVE-2023-21029 |
| Amit Nama from Android Real Time Stability Insights (RTSI) | CVE-2023-21000 |
| Andrey Artemiev of Google | CVE-2023-21042, CVE-2023-21043 |
| Authors: Boyuan Yang, Ruirong Chen, Kai Huang, Jun Yang, Wei Gao Affiliation: Department of Electrical and Computer Engineering, University of Pittsburgh | CVE-2022-22075 |
| Binarly efiXplorer Team | CVE-2022-40516, CVE-2022-40517, CVE-2022-40518, CVE-2022-40519, CVE-2022-40520 |
| David Guzak | CVE-2023-20995 |
| Dimitrios Valsamarasof Microsoft | CVE-2023-20906 |
| Domien Schepers | CVE-2023-21061 |
| Dominik Röttsches of Google | CVE-2023-20958 |
| Edward Cunningham of Google | CVE-2023-20917 |
| Elena Petrova of Google | CVE-2023-20954 |
| Frederick Mayle of Google | CVE-2023-21030 |
| gzobqq@gmail.com | CVE-2023-21065 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, Haipeng Cai from the Washington State University, and Yajin Zhou from the Zhejiang University | CVE-2023-21017 |
| hhjack (hhj4ck) | CVE-2022-33260 |
| Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab | CVE-2023-21020 |
| Isaac Manjarres of Google | CVE-2023-21045, CVE-2023-21051 |
| Jeong Wook Oh of Google | CVE-2022-42528 |
| Jérémy BRETON of @thalium_team | CVE-2023-20947 |
| Keiichi Watanabe of Google | CVE-2022-4452 |
| Le Wu (吴乐) of Baidu Security | CVE-2023-20623 |
| Le Wu(吴乐) of Baidu Security | CVE-2022-25712 |
| Lee George Thomas of Google | CVE-2023-21048 |
| Lewei Qu(曲乐炜) | CVE-2022-47460, CVE-2022-47461, CVE-2022-47462 |
| lovepink | CVE-2023-21056, CVE-2023-21069, CVE-2023-21070, CVE-2023-21071, CVE-2023-21072, CVE-2023-21073, CVE-2023-21077, CVE-2023-21078, CVE-2023-21079 |
| Michał Bednarski (michalbednarski) | CVE-2023-20964 |
| Mohammed Anwarullah of Google | CVE-2023-21018, CVE-2023-21022 |
| Nan Wu of Google | CVE-2023-20960 |
| Peter Park (peterpark) | CVE-2022-25694, CVE-2022-25705, CVE-2022-25709, CVE-2022-33213 |
| Prabir Pradhan of Google | CVE-2023-21026 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2023-20963, CVE-2023-21024 |
| SHIHAB P M | CVE-2023-20926, CVE-2023-20953 |
| Shufan Yang(杨书范) of Baidu AIoT Security Team | CVE-2023-21055 |
| Simon Aarons | CVE-2023-21036 |
| Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2023-20951 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2023-20987 |
| Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab | CVE-2023-21034 |
| Xie Yifei | CVE-2022-47459 |
| Yifei Xie | CVE-2022-33245 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2023-20929 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20542, CVE-2022-40537, CVE-2022-42500, CVE-2023-20931, CVE-2023-20936, CVE-2023-20956, CVE-2023-20969, CVE-2023-20970, CVE-2023-20994, CVE-2023-21006, CVE-2023-21007, CVE-2023-21008, CVE-2023-21009, CVE-2023-21010, CVE-2023-21011, CVE-2023-21012, CVE-2023-21013, CVE-2023-21014, CVE-2023-21039, CVE-2023-21040, CVE-2023-21044, CVE-2023-21046, CVE-2023-21047, CVE-2023-21049, CVE-2023-21050, CVE-2023-21052, CVE-2023-21062, CVE-2023-21063, CVE-2023-21064, CVE-2023-21075, CVE-2023-21076 |
February
| Researchers | CVEs |
|---|---|
| Dmitry Myachin | CVE-2022-20551 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-47331 |
| Hongguang Chen and Devin Moore of Google | CVE-2023-20940 |
| Isaac Manjarres of Google | CVE-2023-20949 |
| Jann Horn of Google Project Zero | CVE-2023-20937 |
| Le Wu of Baidu Security | CVE-2022-33225 |
| Lewei Qu(曲乐炜) | CVE-2022-47339 |
| Mayank Garg of Google | CVE-2023-20927 |
| Michał Bednarski (michalbednarski) | CVE-2023-20944 |
| Mohammed Anwarullah of Google | CVE-2023-20939 |
| Pengfei Ding (丁鹏飞) | CVE-2022-25711 |
| Peter Park | CVE-2022-33233 |
| Peter Park (peterpark) | CVE-2022-33248 |
| Sergej Salnikov of Google | CVE-2023-20934 |
| Shufan Yang(杨书范) of Baidu AIoT Security Team | CVE-2023-20602 |
| Sithi | CVE-2023-20932 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2022-20481 |
| Zi Fan Tan of Google | CVE-2023-20938 |
| Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2023-20945, CVE-2023-20948 |
January
| Researchers | CVEs |
|---|---|
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-22079, CVE-2022-44425, CVE-2022-44426 |
| Jann Horn of Google Project Zero | CVE-2023-20928 |
| Karan Lalwani | CVE-2023-20921 |
| Le Wu of Baidu Security | CVE-2022-25722 |
| Lewei Qu(曲乐炜) | CVE-2022-44434, CVE-2022-44435, CVE-2022-44436, CVE-2022-44437, CVE-2022-44438 |
| Michał Bednarski (michalbednarski) | CVE-2023-20904 |
| Mitch Phillips using HWASan | CVE-2023-20920 |
| Mohammed Anwarullah of Google | CVE-2023-20925 |
| Muhammad Hasan Khan of Google | CVE-2023-20919 |
| nicolas (nicolas1993) | CVE-2022-25715, CVE-2022-25717, CVE-2022-25721 |
| Sithi | CVE-2022-20494, CVE-2023-20912, CVE-2023-20913, CVE-2023-20915 |
| wrlu | CVE-2023-20923 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2023-20905 |
| Xie Yifei | CVE-2022-44427, CVE-2022-44428, CVE-2022-44429, CVE-2022-44430, CVE-2022-44431, CVE-2022-44432 |
| Xingyu Jin of Google | CVE-2022-20235 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20213, CVE-2022-20214, CVE-2022-20215, CVE-2022-20458 |
| Zhongquan Li @ ADLab of VenusTech | CVE-2022-32637 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20461, CVE-2022-32635, CVE-2022-33255 |
Additional Contributions
We would also like to acknowledge the contributions of the following individuals to Android security:
- Yu-Cheng Lin (林禹成) (@AndroBugs)
2022
Note: Starting in 2018 and continuing in 2022, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.
December
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2022-20510, CVE-2022-20511, CVE-2022-20525, CVE-2022-20535, CVE-2022-20538 |
| Andrey Artemiev of Google | CVE-2022-20581, CVE-2022-20600 |
| Ben | CVE-2022-20543 |
| Bo Zhang (张波) of Bytedance Wuheng Lab | CVE-2021-39795 |
| David McGregor, UL | CVE-2022-20199 |
| Edward Cunningham of Google | CVE-2022-20475, CVE-2022-20512 |
| Florian Mayer of Google | CVE-2022-20523 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-39106, CVE-2022-39129, CVE-2022-39130, CVE-2022-39131, CVE-2022-39132, CVE-2022-39133, CVE-2022-39134, CVE-2022-42755, CVE-2022-42756, CVE-2022-42770, CVE-2022-42771, CVE-2022-42772 |
| Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab | CVE-2022-20514, CVE-2022-20540 |
| Jeong Wook Oh of Google | CVE-2022-20582, CVE-2022-20583, CVE-2022-20584, CVE-2022-20585, CVE-2022-20586, CVE-2022-20587, CVE-2022-20588, CVE-2022-20589, CVE-2022-20590, CVE-2022-20591, CVE-2022-20592, CVE-2022-20597, CVE-2022-20598, CVE-2022-20599, CVE-2022-42531, CVE-2022-42532, CVE-2022-42534 |
| Keith Mok of Google | CVE-2022-20483 |
| Kevin Kou of Google | CVE-2022-20477 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-42754 |
| Lucian of OPPO Amber Security Lab | CVE-2022-20559 |
| Manjeet Rulhania of Google | CVE-2022-20495 |
| Matheus Eduardo Garbelini | CVE-2021-30348 |
| Michał Bednarski (michalbednarski) | CVE-2022-20474 |
| Mike McTernan of Google | CVE-2022-42543 |
| Mitch Phillips using HWASan | CVE-2022-20561 |
| Mohammed Anwarullah of Google | CVE-2022-20548 |
| Peter Park (peterpark) | CVE-2022-25682, CVE-2022-25695 |
| Phil Burk of Google | CVE-2022-20562 |
| Pratheesh P Narayanan | CVE-2022-20124 |
| RA Position at CactiLab (https://cactilab.github.io/) of University at Buffalo | CVE-2022-20520 |
| Robert Tseng | CVE-2022-20544 |
| Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN | CVE-2022-25677 |
| Sergei Volokitin | CVE-2022-32594, CVE-2022-32596, CVE-2022-32597, CVE-2022-32598 |
| SHIHAB P M | CVE-2022-20611 |
| Sithi | CVE-2022-20501 |
| stardesty of HSSL | CVE-2022-20411, CVE-2022-20469 |
| Steve Thomas (@Sc00bzT) | CVE-2022-20497 |
| su4do4 | CVE-2022-20568 |
| Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa | CVE-2022-25685 |
| System and Software Security Lab in Fudan University | CVE-2021-0934 |
| Timur Mikhaylin | CVE-2022-20529 |
| Tomasz Kuchta | CVE-2022-20569 |
| William Escande of Google | CVE-2022-20547 |
| Xin Zhao of Google | CVE-2022-20574, CVE-2022-20575 |
| Xingyu Jin of Google | CVE-2021-39660 |
| Xuan Xing (Android Security Assurance Red Team) | CVE-2020-0465, CVE-2022-42529, CVE-2022-42530 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20504, CVE-2022-20536, CVE-2022-20558 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20468, CVE-2022-20509, CVE-2022-20513, CVE-2022-20516, CVE-2022-20521, CVE-2022-20526, CVE-2022-20527, CVE-2022-20539, CVE-2022-20541, CVE-2022-20546, CVE-2022-20549, CVE-2022-20552, CVE-2022-20557, CVE-2022-20576, CVE-2022-20577, CVE-2022-20578, CVE-2022-20579, CVE-2022-20593, CVE-2022-20594, CVE-2022-20595, CVE-2022-20596, CVE-2022-42501, CVE-2022-42502, CVE-2022-42503, CVE-2022-42504, CVE-2022-42505, CVE-2022-42506, CVE-2022-42507, CVE-2022-42508, CVE-2022-42509, CVE-2022-42510, CVE-2022-42511, CVE-2022-42512, CVE-2022-42513, CVE-2022-42514, CVE-2022-42515, CVE-2022-42516, CVE-2022-42517, CVE-2022-42518, CVE-2022-42519, CVE-2022-42520, CVE-2022-42521, CVE-2022-42522, CVE-2022-42523, CVE-2022-42525, CVE-2022-42526, CVE-2022-42542 |
November
| Researchers | CVEs |
|---|---|
| Ahaan Ugale of Google | CVE-2022-20446 |
| Aman Pandey of bugsmirror | CVE-2022-20451 |
| Arash Tohidi (h4ul4) | CVE-2021-35132 |
| Edward Cunningham of Google | CVE-2022-20441 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-2984, CVE-2022-38672, CVE-2022-38673, CVE-2022-38676, CVE-2022-38690, CVE-2022-39105 |
| gzobqq@gmail.com | CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460 |
| Hai Zhang of Google | CVE-2022-20450 |
| Karol Wrótniak - Droids On Roids | CVE-2022-20448 |
| Le Wu of Baidu Security | CVE-2022-25676, CVE-2022-25743 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-2985, CVE-2022-38669, CVE-2022-38670 |
| Michał Bednarski (michalbednarski) | CVE-2022-20452 |
| Sylvester Yao (姚圣禹, blog.ysy950803.top) | CVE-2022-20414 |
| Xingyu Jin | CVE-2021-1050 |
| Xingyu Jin of Google | CVE-2021-39661 |
| Zhicheng Zeng (曾志成) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2022-25679, CVE-2022-32601 |
| Zhongquan Li @ ADLab of VenusTech | CVE-2022-32602 |
| Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20445, CVE-2022-20447, CVE-2022-20462, CVE-2022-2209, CVE-2022-42533 |
October
| Researchers | CVEs |
|---|---|
| Amit Nama from Android Real Time Stability Insights (RTSI) | CVE-2022-20397 |
| anonymous | CVE-2021-39758 |
| C_C | CVE-2022-20351 |
| chen gengjia | CVE-2022-33217 |
| Edward Cunningham of Google | CVE-2022-20394 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-22078 |
| gzobqq@gmail.com | CVE-2022-20421 |
| Hao Ke (柯昊) of Google Android Malware Research | CVE-2022-20415 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) ofC0RE Team | CVE-2021-39624 |
| Jiabin Huang of Google | CVE-2022-20413, CVE-2022-20464 |
| Jianliang Wu of PurSec Lab at Purdue University | CVE-2021-39673 |
| Kevin Deus of Google | CVE-2022-20416 |
| Le Wu of Baidu Security | CVE-2022-25662, CVE-2022-25687 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-20430, CVE-2022-20431, CVE-2022-20432, CVE-2022-20433, CVE-2022-20434, CVE-2022-20435, CVE-2022-20436, CVE-2022-20437, CVE-2022-20438, CVE-2022-20439, CVE-2022-20440 |
| lovepink | CVE-2022-33214 |
| Man Yue Mo of GitHub Security Lab | CVE-2022-25664 |
| Martijn Bogaard (Riscure) | CVE-2022-20231, CVE-2022-20364 |
| Michał Bednarski (michalbednarski) | CVE-2022-20419 |
| OPTiM Corporation | CVE-2022-20420 |
| Pengfei Ding(丁鹏飞) | CVE-2022-25660, CVE-2022-25661, CVE-2022-25665 |
| QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab | CVE-2022-20422 |
| Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN | CVE-2022-25666 |
| Xingyu Jin of Google | CVE-2021-0696, CVE-2021-0699, CVE-2021-0951 |
| Yong Liu, Xiaodong Wang, Jun Yao and Guang Gong of 360 Vulnerability Research Institute | CVE-2022-1786 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20429 |
| Zhenpeng Lin (@Markek_) | CVE-2022-20409 |
| Zhicheng Zeng (曾志成) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2022-26471, CVE-2022-26472 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20410, CVE-2022-20417, CVE-2022-20418 |
September
| Researchers | CVEs |
|---|---|
| Karthik Nair (realkarthiknair) | CVE-2022-20317 |
| Abhinav Saxena (xandfury@gmail.com) & AppCensus Inc. (https://appcensus.io) | CVE-2022-20339, CVE-2022-20399 |
| Ahmed Ezzat (BitTheByte) | CVE-2022-20338 |
| Aman Pandey of bugsmirror | CVE-2021-0734, CVE-2021-0975, CVE-2022-20242, CVE-2022-20245, CVE-2022-20252, CVE-2022-20262, CVE-2022-20263, CVE-2022-20266, CVE-2022-20267, CVE-2022-20270, CVE-2022-20275, CVE-2022-20276, CVE-2022-20277, CVE-2022-20279, CVE-2022-20284, CVE-2022-20285, CVE-2022-20287, CVE-2022-20288, CVE-2022-20289, CVE-2022-20290, CVE-2022-20291, CVE-2022-20293, CVE-2022-20294, CVE-2022-20295, CVE-2022-20296, CVE-2022-20298, CVE-2022-20299, CVE-2022-20300, CVE-2022-20301, CVE-2022-20303, CVE-2022-20304, CVE-2022-20305, CVE-2022-20307, CVE-2022-20309, CVE-2022-20310, CVE-2022-20311, CVE-2022-20315, CVE-2022-20316, CVE-2022-20318, CVE-2022-20320, CVE-2022-20322, CVE-2022-20323, CVE-2022-20324, CVE-2022-20326, CVE-2022-20328, CVE-2022-20332, CVE-2022-20336, CVE-2022-20341 |
| Andr. Ess | CVE-2022-20335 |
| Boze Zekan and Scott Cosentino of BlackBerry Product Security Incident Response Team (https://www.blackberry.com/us/en/services/blackberry-product-security-incident-response) | CVE-2022-20280 |
| C_C | CVE-2022-20246, CVE-2022-20250, CVE-2022-20286, CVE-2022-20395 |
| Chaoyuan Peng (@ret2happy) | CVE-2022-20333 |
| Chucheng Ye, Binhu Yang, Hongzhi Ding of OPPO and En He of OPPO ZIWU Security Lab | CVE-2022-20197 |
| derrek | CVE-2022-22094 |
| Edward Cunningham of Google | CVE-2020-0500 |
| Elijah Bowman of Accenture | CVE-2022-20302 |
| Elijah Bowman of Accenture | CVE-2022-20297 |
| En He of OPPO ZIWU Security Lab | CVE-2022-20281, CVE-2022-20282 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-20385 |
| Grace Cheng of Google | CVE-2022-20261 |
| Hai Zhang of Google | CVE-2022-20218 |
| Han Yan(闫晗), Lewei Qu(曲乐炜), Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2022-26447 |
| Ivan Lozano of Google | CVE-2022-20258 |
| Le Wu of Baidu Security | CVE-2022-25653, CVE-2022-25654, CVE-2022-25686, CVE-2022-25688 |
| Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2022-20253, CVE-2022-20308, CVE-2022-25706 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-20386, CVE-2022-20387, CVE-2022-20388, CVE-2022-20389, CVE-2022-20390, CVE-2022-20391 |
| lovepink | CVE-2022-25696 |
| Lucian and Sheep of OPPO Amber Security Lab | CVE-2022-20249, CVE-2022-20251, CVE-2022-20255 |
| Lucian of OPPO Amber Security Lab | CVE-2022-20259, CVE-2022-20398 |
| Mitch Phillips using HWASan | CVE-2022-20256 |
| Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs | CVE-2022-20244 |
| PengfeiDing | CVE-2022-22092, CVE-2022-22093 |
| Pratheesh P Narayanan | CVE-2022-20265 |
| Raphael Farias (https://www.linkedin.com/in/raphaelfariascarneiro/) from the Unversity of Pernambuco | CVE-2022-20292 |
| Rayhan Akhter from Android Real Time Stability Insights (RTSI) | CVE-2022-20325 |
| Ricky Wai of Google | CVE-2022-20241 |
| Robert Tseng | CVE-2022-20248, CVE-2022-20260 |
| Rui Li and Wenrui Diao, Shandong University | CVE-2022-20392 |
| Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN | CVE-2022-22095 |
| Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa | CVE-2022-22091 |
| Valerio Brussani (@val_brux) working at NoZero (nozero.io) | CVE-2022-20340 |
| Vladislav Butorov | CVE-2022-20243 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2022-20257, CVE-2022-25704 |
| Xingyu Jin of Google | CVE-2021-0697, CVE-2021-0871, CVE-2021-0942, CVE-2021-0943 |
| Yansong Li | CVE-2022-20334 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0518, CVE-2022-20268, CVE-2022-20271, CVE-2022-20272, CVE-2022-20274, CVE-2022-20278, CVE-2022-20312, CVE-2022-20314, CVE-2022-20327, CVE-2022-20329, CVE-2022-20331 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20247, CVE-2022-20273, CVE-2022-20283, CVE-2022-20362, CVE-2022-20393 |
August
| Researchers | CVEs |
|---|---|
| Abhinav Saxena (xandfury@gmail.com) & AppCensus Inc. (https://appcensus.io) | CVE-2022-20339 |
| Ahmed Ezzat (BitTheByte) | CVE-2022-20338 |
| Aman Pandey of bugsmirror | CVE-2022-20352, CVE-2021-0734, CVE-2021-0975, CVE-2022-20242, CVE-2022-20245, CVE-2022-20252, CVE-2022-20262, CVE-2022-20263, CVE-2022-20266, CVE-2022-20267, CVE-2022-20270, CVE-2022-20275, CVE-2022-20276, CVE-2022-20277, CVE-2022-20279, CVE-2022-20284, CVE-2022-20285, CVE-2022-20287, CVE-2022-20288, CVE-2022-20289, CVE-2022-20290, CVE-2022-20291, CVE-2022-20293, CVE-2022-20294, CVE-2022-20295, CVE-2022-20296, CVE-2022-20298, CVE-2022-20299, CVE-2022-20300, CVE-2022-20301, CVE-2022-20303, CVE-2022-20304, CVE-2022-20305, CVE-2022-20307, CVE-2022-20309, CVE-2022-20310, CVE-2022-20311, CVE-2022-20315, CVE-2022-20316, CVE-2022-20318, CVE-2022-20320, CVE-2022-20322, CVE-2022-20323, CVE-2022-20324, CVE-2022-20326, CVE-2022-20328, CVE-2022-20332, CVE-2022-20336, CVE-2022-20341 |
| Amit Nama from Android Real Time Stability Insights (RTSI) | CVE-2022-20383 |
| Andr. Ess | CVE-2022-20335 |
| Android Security Assurance Red Team | CVE-2022-20384, CVE-2022-20402, CVE-2022-20404, CVE-2022-20405, CVE-2022-20407, CVE-2022-20408 |
| au4to4 | CVE-2022-20368 |
| Austin Emmitt ofNowSecure(@alkalinesec) | CVE-2022-20355 |
| Bodong Zhao of NISL Lab, Tsinghua University | CVE-2022-20373 |
| Boze Zekan and Scott Cosentino of BlackBerry Product Security Incident Response Team (https://www.blackberry.com/us/en/services/blackberry-product-security-incident-response) | CVE-2022-20280 |
| C_C | CVE-2022-20246, CVE-2022-20250, CVE-2022-20286 |
| Chaoyuan Peng (@ret2happy) | CVE-2022-20333 |
| Daniele Antonioli (EURECOM), Nils Ole Tippenhauer (CISPA), Kasper Rasmussen (University of Oxford), Mathias Payer (EPFL). | CVE-2022-20361 |
| Edward Cunningham of Google | CVE-2021-39696, CVE-2022-20358 |
| Elijah Bowman of Accenture | CVE-2022-20302 |
| En He of OPPO ZIWU Security Lab | CVE-2022-20281, CVE-2022-20282 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2022-20239 |
| Grace Cheng of Google | CVE-2022-20261 |
| Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab | CVE-2022-20344 |
| Ivan Lozano of Google | CVE-2022-20258 |
| Karthik Nair (realkarthiknair) | CVE-2022-20317 |
| Kieron Quinn (https://kieronquinn.co.uk/) | CVE-2022-20356 |
| Le Wu (吴乐) of Baidu Security | CVE-2022-20082, CVE-2022-22059, CVE-2022-25668 |
| Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2022-20253, CVE-2022-20308,CVE-2022-20345 |
| lovepink | CVE-2022-20180, CVE-2022-20357, CVE-2022-20366, CVE-2022-20367, CVE-2022-20379 |
| Lucian and Sheep of OPPO Amber Security Lab | CVE-2022-20249, CVE-2022-20251, CVE-2022-20255 |
| Lucian of OPPO Amber Security Lab | CVE-2022-20259 |
| Marco Nelissen of Google | CVE-2022-20376 |
| Mitch Phillips using HWASan | CVE-2022-20256 |
| Nathan Harold of Google | CVE-2022-20354 |
| Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs | CVE-2022-20244 |
| Peter Park (peterpark) | CVE-2021-30259 |
| Pratheesh P Narayanan | CVE-2022-20265 |
| Raphael Farias (https://www.linkedin.com/in/raphaelfariascarneiro/) from the Unversity of Pernambuco | CVE-2022-20292 |
| Rayhan Akhter from Android Real Time Stability Insights (RTSI) | CVE-2022-20325, CVE-2022-20381 |
| Ricky Wai of Google | CVE-2022-20241 |
| Robert Tseng | CVE-2022-20248, CVE-2022-20260, CVE-2022-20348, CVE-2022-20349 |
| Elijah Bowman of Accenture | CVE-2022-20297 |
| Starry, QQQ, CenJ of OPPO Amber Security Lab | CVE-2022-20369 |
| Tomasz Kuchta | CVE-2022-20365 |
| Tri Vo of Google | CVE-2022-20377 |
| Valerio Brussani (@val_brux) working at NoZero (nozero.io) | CVE-2022-20340 |
| Vladislav Butorov | CVE-2022-20243 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2022-20257 |
| Xingyu Jin | CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-0946, CVE-2021-0947 |
| Yansong Li | CVE-2022-20334 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20350, CVE-2021-0518, CVE-2022-20268, CVE-2022-20271, CVE-2022-20272, CVE-2022-20274, CVE-2022-20278, CVE-2022-20312, CVE-2022-20314, CVE-2022-20327, CVE-2022-20329, CVE-2022-20331 |
| Zi Fan Tan of Google | CVE-2022-20371 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20247, CVE-2022-20273, CVE-2022-20283, CVE-2022-20346 |
July
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2022-20225 |
| Daniel Komaromy (@kutyacica) of Taszk Security Labs | CVE-2022-21744 |
| Gengjia Chen (@chengjia4574) from IceSword Lab | CVE-2022-20238 |
| Eric Biggers of Google | CVE-2022-20219 |
| Han Yan(闫晗), Lewei Qu(曲乐炜), Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2022-21767, CVE-2022-21768 |
| Jun Yao (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab | CVE-2021-35133 |
| Le Wu of Baidu Security | CVE-2022-25657, CVE-2022-25658, CVE-2022-25659 |
| Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2022-20216 |
| Lewei Qu(曲乐炜) of Baidu AIoT Security Team | CVE-2022-20217 |
| Lucian of OPPO Amber Security Lab | CVE-2022-21763, CVE-2022-21764 |
| Rob Carr of Google | CVE-2022-20226 |
| Szymon Heidrich | CVE-2022-20227 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2022-20223 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20212, CVE-2022-20234 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20221, CVE-2022-20222, CVE-2022-20224, CVE-2022-20229 |
June
| Researchers | CVEs |
|---|---|
| 360 Alpha Lab | CVE-2021-35120 |
| Aman Pandey of bugsmirror | CVE-2021-0983, CVE-2022-20126, CVE-2022-20133, CVE-2022-20206 |
| Android Security Assurance Red Team | CVE-2022-20149, CVE-2022-20164, CVE-2022-20167, CVE-2022-20170, CVE-2022-20171, CVE-2022-20179 |
| Android Security Assurance RedTeam of Google | CVE-2022-20132 |
| Bodong Zhao of NISL Lab, Tsinghua University | CVE-2022-20155, CVE-2022-20183, CVE-2022-20185 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. and Pengfei Ding (丁鹏飞) of Huawei | CVE-2020-27068 |
| Chucheng Ye, Binhu Yang, Hongzhi Ding of OPPO and En He of OPPO ZIWU Security Lab | CVE-2022-20197 |
| Damiano Melotti and Maxime Rossi Bellom of Quarkslab | CVE-2022-20233 |
| Domen Puncer Kugler, Samsung Electronics, SRUK | CVE-2022-20166 |
| Fabien Lheureux of Google | CVE-2022-20152, CVE-2022-20174 |
| flawedworld and CreepNT | CVE-2021-39653 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-35119 |
| Gopal Krishna Shukla, Qualcomm India | CVE-2021-39806 |
| Gulshan Singh of Google | CVE-2022-20176 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, Haipeng Cai from the Washington State University, and Yajin Zhou from the Zhejiang University | CVE-2022-20200 |
| Heimdallr of Cyber Security of Zhejiang ZEEKR Intelligent Technology | CVE-2022-25375 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2021-39624, CVE-2022-20141 |
| ISMAEL AMZDAK | CVE-2022-20125 |
| Joshua Nearchos (LinkedIn) | CVE-2022-20006 |
| Jun Yao (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab | CVE-2021-35121 |
| Keith Mok of Google | CVE-2022-20148 |
| Kevin Yang of Google | CVE-2022-20182 |
| Le Wu of Baidu Security | CVE-2022-22082, CVE-2022-22083, CVE-2022-22084, CVE-2022-22085, CVE-2022-22086, CVE-2022-22087 |
| lovepink | CVE-2022-20156 |
| Lucian of OPPO Amber Security Lab | CVE-2022-20137 |
| Man Yue Mo of GitHub Security Lab | CVE-2022-20186 |
| Matthew Daley | CVE-2021-39691 |
| Nate Myren of Google | CVE-2022-20193 |
| Pengfei Ding(丁鹏飞) | CVE-2021-35118 |
| Qidan He (@flanker_hqd) | CVE-2022-20146, CVE-2022-20172 |
| Rob Carr of Google | CVE-2022-20192 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2022-20135, CVE-2022-20142 |
| smakk | CVE-2022-20210 |
| su4do4 | CVE-2022-20153 |
| Sze Yiu Chau, Hugo Hue, and Ka Lok Wu of The Chinese University of Hong Kong (CUHK) | CVE-2022-20145 |
| TerrorBlade of OPPO Amber Security Lab | CVE-2022-20139 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2022-20205 |
| Yifei Xie | CVE-2022-21745 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2022-20138, CVE-2022-20194, CVE-2022-20204, CVE-2022-20207 |
| Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab | CVE-2022-20123, CVE-2022-20127, CVE-2022-20131, CVE-2022-20140, CVE-2022-20147, CVE-2022-20198, CVE-2022-20201 |
May
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2022-20004, CVE-2022-20114 |
| Android Security Assurance RedTeam | CVE-2022-20120 |
| Art (github) | CVE-2022-20011 |
| Ben Turley | CVE-2022-20113 |
| Christian Loehle, Hyperstone GmbH cloehle@hyperstone.com | CVE-2022-20008 |
| Edward Cunningham of Google | CVE-2022-20005 |
| Gengjia Chen (@chengjia4574) | CVE-2021-35092 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-35084, CVE-2021-35085 |
| Gregory Montoir and Gary Arakaki of Google | CVE-2021-39700 |
| hsia.angsh | CVE-2022-20115 |
| Kevin Deus of Google | CVE-2022-20010 |
| Le Wu (吴乐) of Baidu Security | CVE-2022-20109, CVE-2022-20110 |
| Le Wu (吴乐) of Baidu Security | CVE-2022-20118 |
| lovepink | CVE-2022-20119 |
| Man Yue Mo of GitHub Security Lab | CVE-2022-22057, CVE-2022-22068 |
| Max Kellermann of IONOS SE | CVE-2022-0847 |
| Michał Bednarski (michalbednarski) | CVE-2022-20116 |
| Peter Park (peterpark) | CVE-2021-35072, CVE-2022-22072 |
| Sithi | CVE-2021-39670 |
| Szymon Heidrich | CVE-2022-20009 |
| TerrorBlade of OPPO Amber Security Lab | CVE-2022-20121 |
| Xianbo Wang (@sanebow) of MobiTec, The Chinese University of Hong Kong | CVE-2022-20007 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2022-20112 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-39738 |
April
| Researchers | CVEs |
|---|---|
| Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa | CVE-2021-30344 |
| Aman Pandey of bugsmirror | CVE-2021-39808 |
| Andrea Arcangeli of Red Hat and Peter Collingbourne of Google | CVE-2021-39802 |
| Dawuge of Pangu Team | CVE-2021-39804 |
| Eloi Sanfelix of Blue Frost Security | CVE-2021-35112 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-35071, CVE-2021-35081 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, and Yajin Zhou from the Zhejiang University | CVE-2021-39796 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) and hluwa | CVE-2021-39794 |
| John Tsai of Google | CVE-2021-39812 |
| Le Wu of Baidu Security | CVE-2021-35100 |
| Le Wu(吴乐) of Baidu Security | CVE-2021-39800, CVE-2021-39801 |
| Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab | CVE-2021-39805, CVE-2021-39807 |
| lovepink | CVE-2021-39798 |
| Makoto Onuki of Google | CVE-2021-0694 |
| Michał Bednarski (michalbednarski) | CVE-2021-39797, CVE-2021-39799 |
| Pierre-Yves Marche from Orange Security team | CVE-2022-20081 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-39809 |
March
| Researchers | CVEs |
|---|---|
| 7h0r | CVE-2021-39709 |
| Aman Pandey of bugsmirror | CVE-2021-39701, CVE-2021-39704 |
| Android Security Assurance RedTeam of Google | CVE-2021-39726 |
| Bo Zhang (张波) and Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2021-39707 |
| Bo Zhang (张波) of Bytedance Wuheng Lab | CVE-2021-39697 |
| Bodong Zhao from Tsinghua University | CVE-2021-39717 |
| Elijah Bowman of Accenture | CVE-2021-39703 |
| Eugene Rodionov of Google | CVE-2021-39792 |
| Fabien Lheureux | CVE-2021-39729 |
| Gengjia Chen ( @chengjia4574 ) | CVE-2021-35088 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab | CVE-2021-35103, CVE-2021-35106, CVE-2021-35117 |
| gzobqq@gmail.com | CVE-2021-39698 |
| Hang Zhang,Zhiyun Qian from UC Riverside | CVE-2021-30299 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Beijing University of Posts and Telecommunications, and Yajin Zhou from the Zhejiang University | CVE-2021-39692, CVE-2021-39702 |
| Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2022-20047, CVE-2022-20048 |
| Jann Horn of Google Project Zero | CVE-2021-39686 |
| Jiakai Zhang of Google | CVE-2021-39689 |
| Jun Yao (姚俊) (@freeman) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2021-39725, CVE-2021-39735 |
| Le Wu(吴乐) of Baidu Security | CVE-2021-39714 |
| Lucian and Sheep of OPPO Amber Security Lab | CVE-2021-39706 |
| Man Yue Mo of GitHub Security Lab | CVE-2021-35105 |
| Matt Oh of Google | CVE-2021-39727 |
| Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google | CVE-2021-39711, CVE-2021-39721 |
| Mitch Phillips using HWASan | CVE-2021-39722 |
| Peter Park (peterpark) | CVE-2021-30331, CVE-2021-30333 |
| Qidan He (@flanker_hqd) | CVE-2021-39734 |
| Rui Li and Wenrui Diao, Shandong University | CVE-2021-39695 |
| Sam Schumacher of Google | CVE-2021-39710 |
| SHIHAB P M | CVE-2021-0957 |
| Sithi | CVE-2021-39690 |
| Soonil Nagarkar of Google | CVE-2021-39693 |
| Szymon Heidrich | CVE-2021-39685 |
| Vahan Aslanyan | CVE-2021-39694 |
| Will Coster of Google | CVE-2021-39718, CVE-2021-39731 |
| Xiling Gong of Google | CVE-2021-39737 |
| Xuan Xing of Google | CVE-2021-39720, CVE-2021-39723 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-39708 |
February
| Researchers | CVEs |
|---|---|
| Alexander Yukhanov of Google | CVE-2021-39777 |
| Aman Pandey of bugsmirror | CVE-2021-39743, CVE-2021-39744, CVE-2021-39745, CVE-2021-39747, CVE-2021-39751, CVE-2021-39754, CVE-2021-39755, CVE-2021-39756, CVE-2021-39760, CVE-2021-39761, CVE-2021-39766, CVE-2021-39769, CVE-2021-39770, CVE-2021-39773, CVE-2021-39778, CVE-2021-39779, CVE-2021-39781, CVE-2021-39782, CVE-2021-39788, CVE-2021-39791 |
| Amit Nama | CVE-2021-39786 |
| Corbin Souffrant with Leviathan Security Group | CVE-2021-39741 |
| h0rd7 | CVE-2021-39764 |
| Hao Ke (柯昊) of Google Android Malware Research | CVE-2021-1000, CVE-2021-1033 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Beijing University of Posts and Telecommunications, and Yajin Zhou from the Zhejiang University | CVE-2021-39789 |
| Jann Horn of Google Project Zero | CVE-2021-39767, CVE-2022-20002 |
| Lucian and Sheep of OPPO Amber Security Lab | CVE-2022-42544, CVE-2021-39780 |
| Lucian of OPPO Amber Security Lab | CVE-2021-39750, CVE-2021-39752, CVE-2021-39753 |
| Michał Bednarski (michalbednarski) | CVE-2021-39749 |
| Rayhan Akhter | CVE-2021-39776 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2021-25393 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2021-39763 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2021-39772 |
| Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab | CVE-2021-39768 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-39739, CVE-2021-39775, CVE-2021-39784 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-39774 |
February
| Researchers | CVEs |
|---|---|
| Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2021-39635 |
| Aman Pandey of bugsmirror | CVE-2021-0524 |
| Amit Nama of Google using Realtime Stability Insights (RTSI) | CVE-2021-39687 |
| Bodong Zhao of NISL Lab, Tsinghua University | CVE-2021-30324, CVE-2021-30325 |
| Dongxiang Ke(柯懂湘) and Lewei Qu(曲乐炜) and Han Yan(闫晗) of Baidu AIoT Security Team | CVE-2022-20025, CVE-2022-20026, CVE-2022-20027, CVE-2022-20028 |
| Dzmitry Lukyanenka | CVE-2021-39663 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-35069 |
| Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of Vulnerability Research Institute | CVE-2021-39666 |
| Jooyung Han of Google | CVE-2021-39671 |
| Kris Alder of Google | CVE-2020-13112, CVE-2020-13113 |
| Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2021-39616, CVE-2021-39658 |
| Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google | CVE-2021-39688 |
| Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs | CVE-2021-39674 |
| Nolen Johnson, Hardware Security Consultant, DirectDefense | CVE-2021-39672 |
| Peter Park (peterpark) | CVE-2021-30317, CVE-2021-30322, CVE-2021-30323 |
| Pustam Raut (पुस्तम राउत) from Sarlahi & IISc/RIT/NMC | CVE-2021-39631 |
| Ryan Johnson and Mohamed Elsabagh of Kryptowire | CVE-2021-0706 |
| Seonung Jang (@IFdLRx4At1WFm74) of STEALIEN | CVE-2021-35077 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2021-39669 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-39665, CVE-2021-39676 |
January
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2021-0643 |
| Amit Nama of Google using Realtime Stability Insights (RTSI) | CVE-2021-39620, CVE-2021-39679 |
| Atharav R. Hedage and Om Suryakant Koli | CVE-2021-39628 |
| Dongsong Yu | CVE-2021-30319 |
| Dzmitry Lukyanenka | CVE-2021-0846 |
| Eugene Rodionov of Google | CVE-2021-39684 |
| h0rd7 | CVE-2021-39625 |
| Huinian Yang (@vmth6) and Qingyu Li (QQQ) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2021-39623 |
| Jann Horn of Google Project Zero | CVE-2021-0959 |
| Kyungtae Kim | CVE-2021-30313 |
| Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team | CVE-2021-1049 |
| Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google | CVE-2021-39682 |
| Peter Park (peterpark) | CVE-2021-30308, CVE-2021-30311 |
| Sam Schumacher of Google | CVE-2021-39632, CVE-2021-39678 |
| Syed Rafiul Hussain, Pennsylvania State University; Imtiaz Karim, Purdue University; Abdullah Al Ishtiaq, Pennsylvania State University; Omar Chowdhury, The University of Iowa; Elisa Bertino, Purdue University | CVE-2021-40148 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2021-1035 |
| Vikram Singh | CVE-2021-39622 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-1036, CVE-2021-1037, CVE-2021-39626 |
| 吴宪林(Xianlin Wu) from OPPO Amber Security Lab and 卢昌鑫(Changxin Lu) from Tencent Keen Security Lab | CVE-2021-30314 |
Additional contributions
We would also like to acknowledge the contributions of the following individuals to Android security:
- Tianyi Hu (胡天易) (oscarhuthu@gmail.com)
2021
Android 12 security notes
| Researchers | CVEs |
|---|---|
| 7h0r | CVE-2021-0789 |
| Aman Pandey of bugsmirror | CVE-2021-0711, CVE-2021-0712, CVE-2021-0715, CVE-2021-0717, CVE-2021-0718, CVE-2021-0721, CVE-2021-0724, CVE-2021-0725, CVE-2021-0726, CVE-2021-0728, CVE-2021-0729, CVE-2021-0731, CVE-2021-0732, CVE-2021-0733, CVE-2021-0736, CVE-2021-0737, CVE-2021-0738, CVE-2021-0742, CVE-2021-0746, CVE-2021-0747, CVE-2021-0751, CVE-2021-0752, CVE-2021-0754, CVE-2021-0755, CVE-2021-0756, CVE-2021-0757, CVE-2021-0760, CVE-2021-0761, CVE-2021-0763, CVE-2021-0764, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0771, CVE-2021-0772, CVE-2021-0780, CVE-2021-0781, CVE-2021-0783, CVE-2021-0784, CVE-2021-0792, CVE-2021-0800, CVE-2021-0801, CVE-2021-0803, CVE-2021-0806, CVE-2021-0807, CVE-2021-0812, CVE-2021-0823, CVE-2021-0827, CVE-2021-0831, CVE-2021-0832, CVE-2021-0834, CVE-2021-0851, CVE-2021-0866, CVE-2022-20211 |
| Andrew Scull of Google | CVE-2021-0720 |
| Android Security Red Team | CVE-2021-0817, CVE-2021-0819 |
| Chaoyuan Peng (@ret2happy) | CVE-2021-0791, CVE-2021-0795, CVE-2021-0796, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0808, CVE-2021-0809, CVE-2021-0810, CVE-2021-0811, CVE-2021-0886 |
| Cheonho Park of Google | CVE-2021-0727 |
| Chong Wang (王冲) | CVE-2021-0818 |
| Cusas of L.O. Team | CVE-2021-0822, CVE-2021-0824 |
| David Zeuthen of Google | CVE-2021-0890 |
| Dmitri Plotnikov of Google | CVE-2021-0719 |
| Dmitry Valter | CVE-2021-0858 |
| Dongwon Kang of Google | CVE-2021-0857 |
| Edward Cunningham of Google | CVE-2021-0853 |
| excalibursec59@gmail.com of topsec(蒋钟庆) | CVE-2021-0847 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2021-0844 |
| Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology | CVE-2021-0845 |
| Hao Ke (柯昊) of Google Android Malware Research | CVE-2021-0709, CVE-2021-0710, CVE-2021-0723, CVE-2021-0762, CVE-2021-0868 |
| hard_______ | CVE-2021-0785, CVE-2021-0828, CVE-2021-0837 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0767, CVE-2021-0855 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2021-0865 |
| HuiSu Jeon of Financial Security Institute | CVE-2021-0826 |
| Jayant Chowdhary of Google | CVE-2021-0774 |
| Joao Lucas Melo Brasio from Elytron Security | CVE-2019-9428 |
| JulIen Thomas (@Julien_Thomas) | CVE-2021-0856 |
| Kirill Romanovskiy, cyril@yandex-team.ru/romanovskiy.k@gmail.com | CVE-2021-0862 |
| Lauren Winston of Google | CVE-2021-0722 |
| Lucian of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd | CVE-2021-0867 |
| Luowen Qian of Boston University (https://cs-people.bu.edu/luowenq/) | CVE-2021-0980 |
| Marcin Mikosik | CVE-2021-0863 |
| Matthew Daley | CVE-2021-0949 |
| Michael Ensing of Leviathan Security | CVE-2021-0838, CVE-2021-0840, CVE-2021-0841 |
| Michael Groover of Google | CVE-2021-0716 |
| Michał Bednarski (michalbednarski) | CVE-2021-0748, CVE-2021-0749, CVE-2021-0750 |
| Mitch Phillips using GWP-ASan | CVE-2021-0850 |
| Nate(Qiang) Jiang of Google | CVE-2021-0753 |
| Ned Williamson of Google Project Zero | CVE-2021-0802 |
| Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs | CVE-2021-0950 |
| Nikita Kurtin | CVE-2021-0864 |
| Niky1235 (@jiych_guru) | CVE-2020-0127 |
| Ricky Wai of Google | CVE-2021-0849 |
| Sam Schumacher of Google using HWASan | CVE-2021-0766 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2021-0788 |
| The Magnificent Steven Moreland of Google | CVE-2021-0775, CVE-2021-0852, CVE-2021-0861 |
| Winson Chiu of Google | CVE-2021-0440 |
| Wyatt Riley of Google | CVE-2021-0743 |
| Xianfeng Lu(卢先锋) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2021-0842 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0778, CVE-2021-0782, CVE-2021-0786, CVE-2021-0790, CVE-2021-0825 |
| Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure | CVE-2021-0843 |
| Zinuo Han (weibo.com/ele7enxxh) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2021-0713, CVE-2021-0714 |
| Zongheng Wang and Jack He of Google | CVE-2021-0816 |
| Łukasz Siewierski of Google | CVE-2021-0860 |
December
| Researchers | CVEs |
|---|---|
| 360 Alpha Lab | CVE-2021-30335, CVE-2021-30337 |
| Aman Pandey of bugsmirror | CVE-2021-0978, CVE-2021-0979, CVE-2021-0982, CVE-2021-0984, CVE-2021-0986, CVE-2021-0987, CVE-2021-0989, CVE-2021-0990, CVE-2021-0994, CVE-2021-0995, CVE-2021-1003, CVE-2021-1004, CVE-2021-1005, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1013, CVE-2021-1014, CVE-2021-1015, CVE-2021-1017, CVE-2021-1018, CVE-2021-1019, CVE-2021-1020, CVE-2021-1021, CVE-2021-1023, CVE-2021-1025, CVE-2021-1026, CVE-2021-1030, CVE-2021-1031, CVE-2021-1032, CVE-2021-1034 |
| Bodong Zhao from Tsinghua University | CVE-2021-30298 |
| Chaoyuan Peng (@ret2happy) | CVE-2021-0996, CVE-2021-1016, CVE-2021-1022 |
| Chris Fries of Google | CVE-2021-39639 |
| d414d4 (d414d4@gmail.com) | CVE-2021-39649, CVE-2021-39656, CVE-2021-39657 |
| Edward Cunningham of Google | CVE-2021-0704, CVE-2021-0988 |
| Eugene Rodionov of Google | CVE-2021-39643, CVE-2021-39647, CVE-2021-39648 |
| flawedworld and CreepNT | CVE-2021-39653 |
| Ian Thompson of Green Hills Software | CVE-2021-0904 |
| Jann Horn of Google Project Zero | CVE-2021-0966 |
| Jay Lv (@evilpan) of AntGroup TianQiong Security Lab | CVE-2021-1007 |
| Keuntae Shin | CVE-2021-1008 |
| Marcin Glinski | CVE-2021-39652 |
| Max Spector of Google | CVE-2021-1046, CVE-2021-39638, CVE-2021-39642, CVE-2021-39655 |
| Mitch Phillips using GWP-ASan | CVE-2021-0955 |
| MyTyrannosaurusBuddy | CVE-2021-0970 |
| Netanel Ben Simon and Slava Makkaveev of Check Point Software Technologies Ltd. | CVE-2021-0675, CVE-2021-30351 |
| Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs | CVE-2021-0956, CVE-2021-0977 |
| Peter Park (peterpark) | CVE-2021-30267, CVE-2021-30268, CVE-2021-30289 |
| QQQ of OPPO Amber Security Lab | CVE-2021-39650 |
| Sithi | CVE-2021-0952 |
| Sulthan Alaudeen (@parallel_beings) | CVE-2021-39640, CVE-2021-39651 |
| The UK's National Cyber Security Centre (NCSC) | CVE-2021-0961 |
| Tianyi Hu (胡天易) of Bytedance Wuheng Lab | CVE-2021-0963 |
| Tri Vo of Google | CVE-2021-39637 |
| Vijay Prakash and Ruian Duan, Palo Alto Networks Inc | CVE-2021-0968 |
| Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab | CVE-2021-0999 |
| Xuan Xing of Google | CVE-2021-39641, CVE-2021-39644, CVE-2021-39645, CVE-2021-39646 |
| Yong Wang (王勇) (@ThomasKing2014) of Alibaba Security | CVE-2021-39636 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0965, CVE-2021-0991, CVE-2021-1006, CVE-2021-1038, CVE-2021-1039, CVE-2021-1040 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-1027, CVE-2021-1028, CVE-2021-1029 |
November
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2021-0649 |
| Android Security Red Team | CVE-2021-0925 |
| Bodong Zhao from Tsinghua University | CVE-2021-30265 |
| Chaoyuan Peng (@ret2happy) | CVE-2021-0930 |
| Christophe Devine, ANSSI | CVE-2021-0434 |
| Clément Lecigne and Christian Resell from Google's Threat Analysis Group | CVE-2021-1048 |
| d414d4 (d414d4@gmail.com) | CVE-2021-1042 |
| Eugene Rodionov of Google | CVE-2021-1044 |
| Hongjian Cao of Ant Security Frontage Lab | CVE-2021-1903 |
| Khouloud Mansouri of Google | CVE-2021-0922 |
| Le Wu(吴乐) of Baidu Security | CVE-2021-0929 |
| Makoto Onuki of Google | CVE-2021-0799 |
| Matt Oh of Google | CVE-2021-1045 |
| Maxime Rossi Bellom, Philippe Teuwen, and Damiano Melotti of Quarkslab | CVE-2021-1043 |
| Michał Bednarski (michalbednarski) | CVE-2021-0928 |
| Peter Park (peterpark) | CVE-2021-1973, CVE-2021-1979, CVE-2021-30254, CVE-2021-30255 |
| Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab | CVE-2021-0918 |
| Xianlin Wu(吴宪林) of OPPO Amber Security Lab | CVE-2021-0923 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0926, CVE-2021-0932 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0653 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2021-0921 |
October
| Researchers | CVEs |
|---|---|
| Andy Nguyen of Google | CVE-2021-22555 |
| anupritaisno1 | CVE-2021-0703 |
| Arvind Sankar | CVE-2021-0938 |
| Chong Wang (王冲) (csddl147@gmail.com) | CVE-2021-1966 |
| d414d4@gmail.com | CVE-2021-0935 |
| Edward Cunningham of Google | CVE-2021-0708 |
| Efthimios Alepis and Constantinos Patsakis, Department of Informatics, University of Piraeus, Greece | CVE-2021-0651 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-1977 |
| Hao Chen (@flankersky) and Guang Gong (@oldfresher) of 360 Alpha Lab | CVE-2021-1980 |
| Hongjian Cao of ANT Security Frontage Lab | CVE-2021-30310 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0483 |
| Kyungtae Kim | CVE-2021-0936 |
| Man Yue Mo of GitHub Security Lab | CVE-2021-1968, CVE-2021-1969 |
| Mathy Vanhoef | CVE-2020-11264, CVE-2020-11301, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2021-30302, CVE-2021-30312 |
| Max Spector, Dmitry Vyukov | CVE-2021-0941 |
| Maxime Rossi Bellom of Quarkslab | CVE-2021-0939 |
| Ned Williamson of Google Project Zero | CVE-2021-0870 |
| Peter Park (peterpark) | CVE-2021-1959, CVE-2021-30288 |
| QQQ of OPPO Amber Security Lab | CVE-2021-0940 |
| Rayhan Akhter of Google using Realtime Stability Insights (RTSI) | CVE-2021-0652 |
| Thomas Sutter (Me7e0r) | CVE-2021-0705 |
| Tim Treese of Google | CVE-2021-0702 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0583 |
| Zhenxiong Wu of OPPO ZIWU Cyber Security Lab | CVE-2021-1967 |
September
| Researchers | CVEs |
|---|---|
| 360 Alpha Lab | CVE-2021-1963 |
| Aman Pandey of bugsmirror | CVE-2021-0686 |
| Bernardo Rufino of Google | CVE-2021-0693 |
| Bogdan | CVE-2021-0682 |
| Dawn Security Lab, JD.com | CVE-2021-0691 |
| Fei Zhang, Tan Liu, and Qiyuan Tong of ZTE Cybersecurity Lab | CVE-2021-1971, CVE-2021-1974 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-1941, CVE-2021-1948 |
| Hao Ke (柯昊) of Google Android Malware Research | CVE-2021-0683 |
| Harsh Tyagi | CVE-2021-0595 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0635, CVE-2021-0636 |
| Leon Scroggins III of Google | CVE-2021-0689 |
| Michał Bednarski (michalbednarski) | CVE-2021-0685 |
| Mitch Phillips using HWASan | CVE-2021-0869 |
| Nathan Harold of Google | CVE-2021-0644 |
| Pratheesh P Narayanan | CVE-2021-0687 |
| Ragini Angarkar (ragini.angarkar@gmail.com) | CVE-2021-0688 |
| Siarhei Vishniakou of Google | CVE-2021-0684 |
| Tamir Zahavi-Brunner | CVE-2021-1961 |
| WuHeng Lab of Bytedance | CVE-2021-0428 |
| Xianlin Wu(吴宪林) of OPPO Amber Security Lab | CVE-2021-0681 |
| Xingyu Jin of Google | CVE-2021-30295, CVE-2021-0695 |
| Yanfeng Wang (bigwyfone@gmail.com) of 360 Alpha Lab. | CVE-2021-1962 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0598, CVE-2021-0692 |
August
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2021-0641 |
| Ben Hawkes and Jann Horn of Google Project Zero | CVE-2021-1904 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) and En He of OPPO ZIWU Security Lab | CVE-2021-0591, CVE-2021-0593 |
| Google OSS-Fuzz | CVE-2021-1972 |
| gzobqq@gmail.com | CVE-2021-3347 |
| Haikuo Xie of Singular Security Lab | CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582 |
| Jann Horn from Google Project Zero | CVE-2021-1947 |
| KryptoWire | CVE-2021-1929 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0573, CVE-2021-0574, CVE-2021-0576 |
| Matthew Daley | CVE-2021-0645 |
| Mohamed Sabt of the University of Rennes, CNRS, IRISA and Gwendal Patat | CVE-2021-0639 |
| Nan Wang (@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 | CVE-2021-0646 |
| Neo Ma of Trend Micro Mobile security research working with Trend Micro Zero Day Initiative | CVE-2021-0640 |
| Peter Park (peterpark) | CVE-2021-30260 |
| tomz.ppmm@gmail.com | CVE-2021-0584 |
| xbq | CVE-2021-30261 |
July
| Researchers | CVEs |
|---|---|
| Calum Hutton (Perspective Risk) | CVE-2020-0368 |
| Chaoyuan Peng | CVE-2021-0589, CVE-2021-0596 |
| Dawn Security Lab, JD.com | CVE-2021-0515 |
| Dennis Kugelmann | CVE-2021-0654 |
| Devin Moore of Google | CVE-2021-0585 |
| Gengjia Chen ( @chengjia4574 ) from IceSword Lab | CVE-2021-1897, CVE-2021-1899, CVE-2021-1901, CVE-2021-1943, CVE-2021-1945, CVE-2021-1954, CVE-2021-1964 |
| Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2021-0514 |
| Güliz Seray Tuncay of Google | CVE-2021-0486 |
| Haikuo Xie of Singular Security Lab | CVE-2021-1938, CVE-2021-1953, CVE-2021-1955 |
| Hao Chen (@flankersky) and Guang Gong (@oldfresher) of 360 Alpha Lab | CVE-2021-1965, CVE-2021-1970 |
| hard_______ | CVE-2020-0417 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0577 |
| Man Yue Mo <mmo@semmle.com> | CVE-2021-1940 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2021-0600 |
| Steven Moreland of Google | CVE-2021-0587 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0586, CVE-2021-0588, CVE-2021-0590, CVE-2021-0597, CVE-2021-0599, CVE-2021-0603 |
| Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure | CVE-2021-0602 |
June
| Researchers | CVEs |
|---|---|
| Aman Pandey of bugsmirror | CVE-2021-0478, CVE-2021-0513 |
| Android Security Red Team | CVE-2021-0512 |
| Anonymous | CVE-2021-0554 |
| Calin Juravle of Google | CVE-2021-0511 |
| Chaoyuan Peng | CVE-2021-0507, CVE-2021-0555, CVE-2021-0557 |
| Chong Wang (王冲) | CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520, CVE-2021-0564 |
| Dzmitry Lukyanenka | CVE-2021-0608 |
| En He of OPPO ZIWU Security Lab | CVE-2021-0536 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2021-0540, CVE-2021-0541, CVE-2021-0543, CVE-2021-0544, CVE-2021-0545, CVE-2021-0546 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab, Qihoo 360 Technology Co. Ltd. and Chaoyuan Peng | CVE-2021-0504 |
| GWP-ASan | CVE-2021-0522, CVE-2021-0565 |
| Hai Zhang of Google | CVE-2021-0571 |
| Haikuo Xie of Singular Security Lab | CVE-2021-1925, CVE-2021-1937 |
| Hang Zhang & Zhiyun Qian (UC Riverside) | CVE-2021-0607 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2021-0605 |
| hard_______ | CVE-2021-0542, CVE-2021-0569 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0566 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0525, CVE-2021-0526, CVE-2021-0527, CVE-2021-0528, CVE-2021-0529, CVE-2021-0530, CVE-2021-0531, CVE-2021-0532, CVE-2021-0533 |
| Matt Domenici of Google | CVE-2021-0517 |
| Neo Ma and Jesse Chang of Trend Micro working with Trend Micro’s Zero Day Initiative | CVE-2021-0535 |
| Pratheesh P. Narayanan | CVE-2021-0551 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2020-11304 |
| Seigo Nonaka of Google | CVE-2021-0567 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2021-0550 |
| Slava Makkaveev Of Checkpoint | CVE-2020-11292 |
| Tao Sauvage of IOActive | CVE-2021-0548 |
| Will Coster of Google | CVE-2020-1971 |
| Xia Guangshuai & Zhang Qing of ByteDance, Bai Guangdong of The University of Queensland / 字节跳动的夏光帅和张清,昆士兰大学的白光冬 | CVE-2021-0521 |
| Yanfeng Wang of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0606 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0506, CVE-2021-0534, CVE-2021-0547, CVE-2021-0549, CVE-2021-0568 |
May
| Researchers | CVEs |
|---|---|
| 360 Alpha Lab | CVE-2021-1927 |
| Andrey Tsaplin of Resonance Software | CVE-2019-2219 |
| Bram Bonné of Google | CVE-2021-0466 |
| Dimitrios Valsamaras (Linkedin) of Cognizant | CVE-2021-0485 |
| Edward Cunningham of Google | CVE-2021-0472 |
| Evgenii Stepanov of Google | CVE-2020-11295, CVE-2020-11295 |
| Frédéric Basse | CVE-2021-0467 |
| GWP-ASan | CVE-2021-0476 |
| Güliz Seray Tuncay of Google | CVE-2021-0486 |
| hard_______ | CVE-2021-0487 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0482 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0489, CVE-2021-0490, CVE-2021-0491, CVE-2021-0492, CVE-2021-0493, CVE-2021-0494, CVE-2021-0495, CVE-2021-0496, CVE-2021-0497, CVE-2021-0498 |
| Łukasz Siewierski of Google | CVE-2021-0324 |
| Ned Williamson of Google Project Zero | CVE-2021-0473 |
| Peter Park (peterpark) | CVE-2021-1915 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2020-11293, CVE-2020-11293 |
| Song Hu (胡松), Jiawei Qin (秦佳伟) of System Security Center of the State Key Laboratory of Network and Switching Technology, Beijing University of Posts and Telecommunications(北京邮电大学网络与交换技术国家重点实验室) and Tengfei Tu(涂腾飞) of Zhongshi Ruian Beijing Network Technology Co., Ltd (中时瑞安(北京)网络科技有限责任公司) | CVE-2021-0484 |
| Wenwen Wang and Fei of L.O. Team | CVE-2021-0475 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0480 |
April
| Researchers | CVEs |
|---|---|
| Chong Wang (王冲) | CVE-2021-0436, CVE-2021-0437, CVE-2021-0471 |
| Cusas of L.O. Team | CVE-2021-0431, CVE-2021-0435 |
| Elliott Brooks | CVE-2021-0443 |
| GWP-ASan | CVE-2021-0429, CVE-2021-0432 |
| Ned Williamson of Google Project Zero | CVE-2021-0430 |
| Rob Carr of Google | CVE-2021-0438 |
| Sergey Toshin (@bagipro) of Oversecured Inc. | CVE-2021-0444 |
| Soonil Nagarkar of Google | CVE-2021-0400 |
| Weiteng Chen (wchen130@ucr.edu) | CVE-2020-11231 |
| Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd | CVE-2021-0426, CVE-2021-0427 |
| Mingming Wang (汪明明) | CVE-2021-0442 |
March
| Researchers | CVEs |
|---|---|
| 18be2a6c | CVE-2021-0449, CVE-2021-0450, CVE-2021-0451, CVE-2021-0452, CVE-2021-0453, CVE-2021-0454, CVE-2021-0455, CVE-2021-0456 |
| 360 Alpha Lab | CVE-2020-11290 |
| 7h0r | CVE-2021-0391 |
| Alvin Abdagic of Google | CVE-2021-0369 |
| Aman Pandey of bugsmirror | CVE-2021-0389 |
| Andr. Ess | CVE-2020-0025 |
| Android Security Red Team | CVE-2021-0371 |
| Arash Tohidi (h4ul4) | CVE-2020-11194, CVE-2020-11195 |
| Ben Hutchings of Codethink Ltd | CVE-2020-11230 |
| Bodong Zhao from Tsinghua University | CVE-2021-0461 |
| Dharmeshkumar Mokani of Google | CVE-2021-0375 |
| Fei, Wenwen Wang, and Cusas of L.O.Team | CVE-2021-0397 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2021-0370, CVE-2020-11308 |
| GWP-ASan | CVE-2021-0464 |
| hhjack (hhj4ck) | CVE-2020-11199 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0387, CVE-2021-0392, CVE-2021-0395 |
| Jeff Sharkey of Google | CVE-2021-0376 |
| Jesse Chang and Jack Tang of Trend Micro working with Trend Micro's Zero Day Initiative | CVE-2021-0457, CVE-2021-0458, CVE-2021-0459, CVE-2021-0460 |
| Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-11309 |
| Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent | CVE-2021-0383, CVE-2021-0388 |
| Michał Bednarski (michalbednarski) | CVE-2021-0382, CVE-2021-0398 |
| Mitch Phillips using HWASan/GWP-ASan | CVE-2021-0465, CVE-2021-0463 |
| Qidan He (@flanker_hqd" | CVE-2021-0393 |
| Roshan Pius of Google | CVE-2021-0390 |
| Steven Moreland of Google | CVE-2021-0394 |
| Wen Guanxing from Pangu LAB | CVE-2020-3664 |
| Will Coster of Google | CVE-2021-0377 |
| Xianfeng Lu (卢先锋) and Wu Chen (陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2021-0374 |
| Xianfeng Lu (卢先锋) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2021-0385 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2021-0380 |
February
| Researchers | CVEs |
|---|---|
| 7h0r | CVE-2021-0333 |
| Bernardo Rufino of Google | CVE-2021-0302, CVE-2021-0305 |
| Chong Zhang of Android Media Team | CVE-2021-0340 |
| Domien Schepers | CVE-2020-11270, CVE-2020-11280, CVE-2020-11281, CVE-2020-11287 |
| Edward Cunningham of Google | CVE-2021-0339 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2021-0329, CVE-2021-0330, CVE-2021-0332 |
| Jeyasri. A (LinkedIn, @Jeyasri001, @jeyasri__001) and mr.karthikeyan (LinkedIn) | CVE-2021-0334 |
| Man Yue Mo of GitHub Security Lab | CVE-2020-11282 |
| Manthi Le of Infosys at Google | CVE-2021-0335 |
| Matthew Daley | CVE-2021-0337 |
| Michał Bednarski (michalbednarski) | CVE-2021-0327 |
| OSS-Fuzz and Jouni Malinen, Qualcomm | CVE-2021-0326 |
| Raymond Wang | CVE-2021-0338 |
| Sulthan Alaudeen (@parallel_beings) | CVE-2020-11286 |
| Vincent Toubiana | CVE-2021-0328 |
| Will Coster of Google | CVE-2020-11203 |
| Yuri Schimke of Google | CVE-2021-0341 |
January
| Researchers | CVEs |
|---|---|
| 7h0r | CVE-2021-0315 |
| Aman Pandey of bugsmirror | CVE-2021-0319 |
| Anthony Steinhauser of Google | CVE-2020-10767 |
| excalibursec59@gmail.com of topsec (蒋钟庆) | CVE-2016-6328 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2021-0316 |
| Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology | CVE-2021-0321 |
| Hasini Gunasinghe of Google | CVE-2021-0320 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-11161, CVE-2021-0310, CVE-2021-0318 |
| Jazzy (@ret2jazzy) of Google | CVE-2021-0308 |
| Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-11160 |
| Konstantin Milev | CVE-2021-0313 |
| Le Wu (吴乐) of Baidu Security | CVE-2021-0301 |
| Man Yue Mo of GitHub Security Lab | CVE-2020-11239, CVE-2020-11261 |
| Marco Nelissen of Google | CVE-2021-0311 |
| Matthew Daley | CVE-2021-0309 |
| Nathaniel Theis of IOActive security consultant | CVE-2020-0471 |
| Rui Li and Wenrui Diao, Shandong University | CVE-2021-0307, CVE-2021-0317 |
| Sergei Glazunov of Google Project Zero | CVE-2020-15999 |
| syzkaller, kernel fuzzer | CVE-2021-0342 |
| Wenrui Diao & Rui Li, Shandong University | CVE-2021-0306 |
| Xianbo Wang (@sanebow) of MobiTec, The Chinese University of Hong Kong | CVE-2020-27059 |
| Xiaodong Wang | CVE-2020-11250 |
| Zhaoming Yin of Google | CVE-2021-0303 |
2020
Android 11 security notes
| Researchers | CVEs |
|---|---|
| A.V. Flox and Yonatan Zunger | CVE-2020-0286 |
| Alexandru Bogdan Geana | CVE-2020-0369 |
| Andrea Possemato of IDEMIA | CVE-2020-0317, CVE-2020-0327, CVE-2020-0343, CVE-2020-0372 |
| Android Security Red Team | CVE-2020-0281, CVE-2020-0300, CVE-2020-0319, CVE-2020-0325, CVE-2020-0326, CVE-2020-0334, CVE-2020-0350 |
| Bruce Chen of Google | CVE-2020-0365 |
| Calum Hutton (Perspective Risk) | CVE-2020-0352 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0335, CVE-2020-0348, CVE-2020-0349 |
| Chi Zhang and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud (https://bugcloud.360.cn/) | CVE-2020-0341, CVE-2020-0354 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2020-0264, CVE-2020-0322, CVE-2020-0323 |
| Cusas @ L.O. Team | CVE-2020-0266, CVE-2020-0301, CVE-2020-0320, CVE-2020-0332, CVE-2020-0351, CVE-2020-0353 CVE-2020-0362 |
| Cyrille Chatras of Orange Labs | CVE-2020-0130 |
| Dai of L.O. Team | CVE-2020-0287 |
| Daoyuan Wu of The Chinese University of Hong Kong | CVE-2020-0308, CVE-2020-0374 |
| Edward Cunningham of Google | CVE-2020-0263, CVE-2020-0275, CVE-2020-0313, CVE-2020-0426 |
| En He of OPPO ZIWU Cyber Security Lab | CVE-2020-0331, CVE-2020-0405 |
| Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology | CVE-2021-0846 |
| Evgenii Stepanov of Google | CVE-2020-0268, CVE-2020-0330 |
| Hamzeh Zawawy of Google | CVE-2020-0291 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2020-0282 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud (https://bugcloud.360.cn/) | CVE-2020-0273, CVE-2020-0357, CVE-2020-0358 |
| Ilja van Sprundel of IOActive | CVE-2020-0328 |
| Jeff Vander Stoep of Google | CVE-2020-0293 |
| Joshua Steiner | CVE-2020-0366 |
| Kostya Serebryany of Google using libFuzzer and AddressSanitizer | CVE-2020-0279 |
| Lorne Laliberte (mailto:lorne.laliberte@gmail.com, @creativekind) | CVE-2020-0333 |
| Matthew Daley | CVE-2020-0265, CVE-2020-0277, CVE-2020-0288, CVE-2020-0289, CVE-2020-0290, CVE-2020-0298, CVE-2020-0299, CVE-2020-0360 |
| Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent | CVE-2020-0276, CVE-2020-0284, CVE-2020-0285, CVE-2020-0314, CVE-2020-0316, CVE-2020-0375 |
| Michal Bednarski (https://github.com/michalbednarski) | CVE-2020-0344, CVE-2020-0345, CVE-2020-27097, CVE-2020-27098 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2020-0329 |
| Niky(kittymore83@gmail.com) of China Mobile | CVE-2019-8842 |
| Pedro Umbelino, Security Researcher at Checkmarx | CVE-2020-0089 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0272 |
| Qilin Wang(王麒麟),Jiawei Qin(秦佳伟) of Gtensor Team, Cyber Security Center, State Key Laboratory of Network and Switching Technology, Beijing University of Posts and Telecommunications(北京邮电大学网络与交换技术国家重点实验室) and Tengfei Tu(涂腾飞) of Zhongshi Ruian Beijing Network Technology Co., Ltd (中时瑞安(北京)网络科技有限责任公司) | CVE-2020-0363 |
| Stephan Zeisberg of Security Research Labs | CVE-2020-3898 |
| tomz | CVE-2020-0271 |
| V.E.O. (@VYSEa) (一〇) of Ant Financial | CVE-2020-0292 |
| Will Coster of Google | CVE-2020-0356 |
| Xiaobo Xiang and Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd | CVE-2020-0309, CVE-2020-0347, CVE-2020-0359 |
| Yong Wang (王勇) (@ThomasKing2014) of Alibaba Security | CVE-2020-0274 |
| Yury Shabalin (@Mr_R1p), Evgeniy Blashko (@jd7drw) of Stingray LLC (https://stingray-mobile.ru/) | CVE-2020-0267 |
| Zinuo Han (weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2020-0125, CVE-2020-0303, CVE-2020-0324, CVE-2020-0336, CVE-2020-0346, CVE-2020-0364, CVE-2020-0370, CVE-2020-0373 |
December
| Researchers | CVEs |
|---|---|
| Abhay Kailasia, student of Lakshmi Narain College of Technology, Bhopal, MP, INDIA | CVE-2020-0473,CVE-2020-0485 |
| Alan Stokes of Google | CVE-2020-27056 |
| Aman Pandey | CVE-2020-27054 |
| Andr. Ess | CVE-2020-0202 |
| Andrii Kulian of Google | CVE-2020-0440 |
| Android Security Red Team | CVE-2020-0465, CVE-2020-27031, CVE-2020-27033, CVE-2020-27043 |
| Ben Hawkes | CVE-2020-11179 |
| Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2020-11183, CVE-2020-27036, CVE-2020-27037, CVE-2020-27040 |
| d414d4 | CVE-2020-27066, CVE-2020-27067 |
| Daniel Jarai of Bartec Pixavi | CVE-2020-27052 |
| David Su of Google | CVE-2020-0459, CVE-2020-27053 |
| Edward Cunningham of Google | CVE-2020-0294,CVE-2020-0464, CVE-2020-0500, CVE-2020-27041 |
| excalibursec59@gmail.com of topsec (蒋钟庆) | CVE-2020-0470, CVE-2020-0478 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-27021,CVE-2020-27027, CVE-2020-27028 |
| gzobqq@gmail.com | CVE-2020-0466 |
| Haikuo Xie of Huawei Security and Ying Wang of Baidu Security Lab | CVE-2020-11225 |
| Hamzeh Zawawy of Google | CVE-2020-0244 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2020-0482,CVE-2020-0493, CVE-2020-0495, CVE-2020-0496, CVE-2020-11152 |
| Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang, Xiaoting Wang from the Beijing University of Posts and Telecommunications, Yajin Zhou from the Zhejiang University, and Yutian Tang from the Shanghai Tech University | CVE-2020-27057 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0483, CVE-2020-0484, CVE-2020-11148, CVE-2020-27035 |
| Hugo M. H. Hue of the Chinese University of Hong Kong (CUHK) | CVE-2020-27055 |
| Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-11146, CVE-2020-11149, CVE-2020-11150, CVE-2020-11151 |
| Le Wu (吴乐) of Baidu Security | CVE-2020-0455, CVE-2020-0456, CVE-2020-0457 |
| Linus Tufvesson of Google | CVE-2020-0475 |
| Matthew Daley | CVE-2020-0479, CVE-2020-0480, CVE-2020-0481, CVE-2020-0486, CVE-2020-0497, CVE-2020-27032 |
| Maxim Pestryakov | CVE-2020-0099 |
| Michael Farrell of Google | CVE-2020-27026 |
| Nathan Harold of Google | CVE-2020-0460, CVE-2020-0468 |
| Paul Ngo | CVE-2020-0467 |
| Pengfei Ding (丁鹏飞) of Huawei and Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2020-27068 |
| Phil Burk of Google | CVE-2020-0458 |
| Pierre-Hugues Husson | CVE-2020-0016, CVE-2020-0019 |
| Pratheesh P. Narayanan | CVE-2020-27029 |
| Rubin Xu of Google | CVE-2020-0469 |
| Stephen Crane of Immunant | CVE-2020-27044 |
| syzkaller, kernel fuzzer | CVE-2020-0444 |
| Tao Sauvage of IOActive | CVE-2020-27045, CVE-2020-27046, CVE-2020-27047, CVE-2020-27048, CVE-2020-27049, CVE-2020-27050, CVE-2020-27051 |
| Titan of MS509Team | CVE-2020-27034, CVE-2020-27039 |
| Wenwen Wang and Fei of L.O. Team | CVE-2020-0463 |
| Will Coster of Google | CVE-2020-27023, CVE-2020-27025 |
| Xianfeng Lu (卢先锋) and Wu Chen (陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2020-27024 |
| Xiaobo Xiang and Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd | CVE-2020-0489 |
| Xuan Xing of Google | CVE-2020-0280 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2020-0477, CVE-2020-27030 |
| Zhaoming Yin of Google | CVE-2020-0474 |
November
| Researchers | CVEs |
|---|---|
| Alwen Tiu of The Australian National University and Jim Mussared of George Robotics | CVE-2020-12856 |
| Aman Pandey | CVE-2020-0448 |
| Anonymous | CVE-2020-0437, CVE-2020-11123 |
| Dylan Katz of Leviathan Security | CVE-2020-0409 |
| Joel Reardon, University of Calgary and AppCensus, Inc. | CVE-2020-0454 |
| Ned Williamson and Hua Sun of Google | CVE-2020-0424 |
| Pratheesh P. Narayanan | CVE-2020-0441, CVE-2020-0442 |
| Qi Zhao and Guang Gong 360 Alpha Lab working with 360 BugCloud | CVE-2020-11132 |
| Sithi | CVE-2020-0443 |
| Stephen Crane | CVE-2020-0438 |
| Tao Sauvage of IOActive | CVE-2020-0450 |
| Wei Liu (刘炜) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) | CVE-2020-0452 |
| Wenke Dou and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-11121, CVE-2020-11130 |
| Wenrui Diao and Rui Li of Shandong University | CVE-2020-0418 |
| Winson Chiu of Google | CVE-2020-0439 |
| XUEN LI (@lxe524) and Le Wu (吴乐) of Baidu Security | CVE-2020-0445, CVE-2020-0446 |
| Yang Xiao (@VARAS_IIE) | CVE-2020-11131 |
October
| Researchers | CVEs |
|---|---|
| Bernardo Rufino of Google | CVE-2020-0416 |
| Chong Wang (王冲) (csddl147@gmail.com) | CVE-2020-0377, CVE-2020-0413 |
| Dai of L.O. Team | CVE-2020-0411 |
| Dylan Katz of Leviathan Security | CVE-2020-0408, CVE-2020-0421 |
| Edward Cunningham of Google | CVE-2020-0412, CVE-2020-0419 |
| Francesco Durighetto of Bandyer | CVE-2020-0414 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2020-0213 |
| hard_______ | CVE-2020-0422 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2194 |
| Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-11173, CVE-2020-11174 |
| Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang of Singapore University Technology and Design | CVE-2020-3703, CVE-2020-3704 |
| Matthew Daley | CVE-2020-0246, CVE-2020-0378 |
| Sergei Volokitin of Riscure | CVE-2020-0283, CVE-2020-0339, CVE-2020-0367, CVE-2020-0371, CVE-2020-0376 |
| Will Coster of Google | CVE-2020-0410, CVE-2020-0415 |
| Xiaodong Wang, Hongli Han, Peng Zhou and Guang Gong of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0423 |
| Yiwei Zhang of Google | CVE-2020-0420 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2020-0215 |
September
| Researchers | CVEs |
|---|---|
| derrek | CVE-2019-10498 |
| Abhijeet Kaur of Google | CVE-2020-0382 |
| Alain Iamburg of IO Active | CVE-2020-0432 |
| Anonymous | CVE-2020-0393 |
| Arash Tohidi (h4ul4) | CVE-2019-14074 |
| d414d4 (d414d4@gmail.com) | CVE-2020-0430, CVE-2020-0433 |
| Edward Cunningham of Google | CVE-2020-0074, CVE-2020-0387 |
| Elena Petrova of Google | CVE-2020-0427 |
| Eric Biggers of Google | CVE-2020-0407 |
| Evgenii Stepanov of Google | CVE-2019-10518 |
| Hamzeh Zawawy of Google | CVE-2020-0380 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2020-0435 |
| hard_______ | CVE-2020-0388 |
| Hayawardh Vijayakumar (vijayakuma@samsung.com) and Lee Harrison (lee.harrison@samsung.com) | CVE-2020-3679 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0392 |
| Ian Thompson of Green Hills Software | CVE-2020-0278 |
| @ickyphuz | CVE-2019-2290 |
| Jann Horn of Google Project Zero | CVE-2020-0390 |
| Manish Patel of Green Hills Software | CVE-2020-0342 |
| Matthew Daley | CVE-2020-0401 |
| Max Spector, Hamzeh Zawawy, Kris Alder, Christopher Cole, Jessica Lin, Dmitry Vyukov, Michael Specter, and Abhishek Arya of Google | CVE-2020-0429 |
| Mitch Phillips of Google | CVE-2020-0434, CVE-2020-3671 |
| Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab | CVE-2019-2284, CVE-2019-10564 |
| RA Position at Cactilab (https://cactilab.github.io/) of University at Buffalo | CVE-2020-0394 |
| Ryan Johnson and Mohamed Elsabagh of Kryptowire | CVE-2020-0391 |
| Shuo Qian of Google | CVE-2020-0396 |
| Sourcell Xu of HatLab, DBAPP Security(安恒信息 海特实验室 的 徐井源) | CVE-2020-0379 |
| Tancy at Cactilab (https://cactilab.github.io/) of University at Buffalo | CVE-2020-0386 |
| @TimGMichaud of Leviathan Security Group | CVE-2019-10521 |
| Trend Micro | CVE-2019-10519 |
| Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd | CVE-2020-0381, CVE-2020-0383, CVE-2020-0384, CVE-2020-0385 |
| Yanfeng Wang of C0RE Team, Qihoo 360 Technology Co. Ltd. | CVE-2020-3674 |
August
| Researchers | CVEs |
|---|---|
| aedla | CVE-2020-11115, CVE-2020-11116, CVE-2020-11118 |
| Dmitry Vyukov of Google | CVE-2020-0255 |
| Dor Avraham from Nexar | CVE-2020-0108 |
| Dzmitry Lukyanenka (https://www.linkedin.com/in/dzima) | CVE-2020-0238 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0241, CVE-2020-0242, CVE-2020-0243 |
| Jann Horn of Google Project Zero | CVE-2020-0257, CVE-2020-0258 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 | CVE-2020-3646, CVE-2020-3647 |
| Matthew Daley | CVE-2020-0239 |
| Max Thomas | CVE-2020-11128 |
| Maxim Pestryakov | CVE-2020-0099 |
| Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent (腾讯安全科恩实验室 的胡淼和刘宇飞) | CVE-2020-0250 |
| Pierre-Hugues Husson (@phhusson) of Softathome | CVE-2020-0259 |
| Ray Sukhoi | CVE-2020-0240 |
| Steven Moreland of Google | CVE-2020-0261 |
| Vasily Vasiliev | CVE-2020-0256 |
| Wu Le (吴乐) of Baidu Security | CVE-2020-0251, CVE-2020-0252, CVE-2020-0253, CVE-2020-0254, CVE-2020-0260 |
July
| Researchers | CVEs |
|---|---|
| aedla | CVE-2020-3698 |
| Alan Stokes of Google | CVE-2020-0122 |
| Arash Tohidi (@h4ul4) | CVE-2019-14101 |
| chengjia4574@gmail.com | CVE-2020-0225 |
| Chi Zhang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-14037 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-14093 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0226 |
| Ian Thompson of Green Hills Software | CVE-2020-0231 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-14100 |
| Matthew Daley | CVE-2020-0107 |
| Ray Sukhoi | CVE-2020-0224 |
| Ricky Wai of Google | CVE-2020-0227 |
June
| Researchers | CVEs |
|---|---|
| Andr. Ess | CVE-2020-0133 |
| Andrea Possemato (@_pox_) of IDEMIA | CVE-2020-0124, CVE-2020-0132, CVE-2020-0153, CVE-2020-0156, CVE-2020-0164, CVE-2020-0165, CVE-2020-0180, CVE-2020-0182, CVE-2020-0200, CVE-2020-0205, CVE-2020-0211, |
| Chi Zhang (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2020-0129 |
| Chong Wang (王冲) (weibo.com/csddl) and Zhe jin (金哲) from cdsrc of Qihoo 360 Technology Co. Ltd. | CVE-2020-0176, CVE-2020-0185 |
| Cusas of L.O. Team | CVE-2020-0088, CVE-2020-0128, CVE-2020-0131, CVE-2020-0160, CVE-2020-0161, CVE-2020-0162, CVE-2020-0163, CVE-2020-0170, CVE-2020-0171, CVE-2020-0172, CVE-2020-0173, CVE-2020-0174, CVE-2020-0175, CVE-2020-0177, CVE-2020-0219 |
| Cyrille Chatras of Orange Labs | CVE-2020-0199 |
| Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-10501 |
| Daulet Zhanguzin of Google | CVE-2020-0187 |
| Dave Burke of Google | CVE-2020-0203 |
| Emilian Peev of Google | CVE-2020-0120 |
| En He (何恩) (@heeeeen4x) of OPPO ZIWU Cyber Security Lab | CVE-2020-0114 |
| En He (@heeeeen4x) and Wenbo Chen of OPPO ZIWU Cyber Security Lab | CVE-2020-0188 |
| Evgenii Stepanov and Nick Desaulniers of Google | CVE-2020-0141 |
| Gaokun Li (李高坤) (koozxcv) of Vulpecker Team, Qihoo 360 Technology Co. Ltd. | CVE-2020-0155 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0144, CVE-2020-0145, CVE-2020-0146, CVE-2020-0147, CVE-2020-0148, CVE-2020-0149, CVE-2020-0157, CVE-2020-0214, CVE-2020-0223, CVE-2020-0235 |
| Hanxiang Wen (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-9460 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0138, CVE-2020-0213 |
| Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0233 |
| Jianqiang Zhao(@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-9704 |
| Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud | CVE-2020-0232 |
| Kris Alder of Google | CVE-2020-0181, CVE-2020-0198 |
| Li Changjun (李长军) and Shen Ying(沈颖) from Huawei | CVE-2020-0206 |
| Man Yue Mo of GitHub Security Lab | CVE-2020-0139, CVE-2020-0140, CVE-2020-0142, CVE-2020-0143 |
| Matt Pape of Google | CVE-2020-0178 |
| Matthew Daley | CVE-2020-0135 |
| Mike dDavis | CVE-2020-0204 |
| Min Jang (@skensita) | CVE-2020-0117, CVE-2020-0137 |
| Mitch Phillips of Google | CVE-2020-0191, CVE-2020-0196 |
| Mitch Phillips using GWP-ASan | CVE-2020-0113 |
| Nate Jiang of Google | CVE-2020-0119 |
| Niky1235 (@jiych_guru) | CVE-2020-0127, CVE-2020-0169 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0216 |
| Shuzhen Wang of Google | CVE-2020-0095 |
| Sigmund Albert Gorski III and William Enck of North Carolina State University, and Haining Chen of Google | CVE-2020-0208, CVE-2020-0209, CVE-2020-0210 |
| Steven Moreland of Google | CVE-2020-0118 |
| Tim Pisaki of Google | CVE-2020-0115 |
| V.E.O (@VYSEa) (一〇) of Ant Financial | CVE-2020-0184 |
| Wei Wang of Google | CVE-2020-0121 |
| Wenke Dou (email) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0186 |
| Xuan Xing of Google | CVE-2020-0150, CVE-2020-0154, CVE-2020-0158, CVE-2020-0159, CVE-2020-0217 |
| Yu Shan of Google | CVE-2020-0151 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2020-0215 |
| Yuwei Zheng (郑玉伟) (@YuweiZheng101) of Bytedance Security Center | CVE-2020-0201 |
| Zinuo Han of Alibaba Cloud Security Team | CVE-2020-0126, CVE-2020-0134, CVE-2020-0152, CVE-2020-0167, CVE-2020-0197, CVE-2020-0218 |
May
| Researchers | CVEs |
|---|---|
| Andr. Ess | CVE-2020-0024 |
| Arash Tohidi of Solita | CVE-2019-14042, CVE-2019-14043 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2020-0101 |
| Eugenia Lemberg of Google | CVE-2020-0103 |
| Gengjia Chen ( @chengjia4574 ) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-14038, CVE-2019-14039, CVE-2020-0220 |
| Ilja van Sprundel of IOActive | CVE-2020-0100 |
| John Høegh-Omdal of Promon (https://promon.co) | CVE-2020-0096 |
| Jun Yao (姚俊) (@freeman) and Guang Gong (@oldfresher] of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-3680 |
| Kris Alder of Google | CVE-2020-0093 |
| Matthew Daley | CVE-2020-0105, CVE-2020-0109 |
| Michal Bednarski | CVE-2020-0098 |
| Monk Avel | CVE-2020-3610 |
| Svetoslav Ganov of Google | CVE-2020-0097 |
| Thierry Boulord | CVE-2020-0092 |
| Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd | CVE-2020-0094 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2020-0110 |
April
| Researchers | CVEs |
|---|---|
| aedla | CVE-2019-14131 |
| Arash Tohidi | CVE-2019-14009, CVE-2020-0075, CVE-2020-0076, CVE-2020-0077 |
| Bernardo Rufino and Edward Cunningham of Google | CVE-2020-0080 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2019-10625, CVE-2020-0078, CVE-2020-0079 |
| D.2.Y.P (d2yp_) | CVE-2019-10624 |
| Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2020-0067 |
| Eric Biggers and Paul Crowley of Google | CVE-2019-2056 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0068 |
| Jianqiang Zhao (jianqiangzhao) | CVE-2019-10620 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-10556 |
| Man Yue Mo of GitHub Security Lab | CVE-2020-0070, CVE-2020-0071, CVE-2020-0072, CVE-2020-0073 |
| Michal Bednarski | CVE-2020-0082 |
| Peter Park (peterpark) | CVE-2019-14021, CVE-2019-14018 |
| Slava Makkaveev (email) | CVE-2019-10574 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2019-14040, CVE-2019-14041 |
| Zhihao Yao, Seyed Mohammadjavad Seyed Talebi, and Ardalan Amiri Sani of University of California, Irvine | CVE-2019-10547 |
| Zili Liang of Alibaba UC Team | CVE-2020-0081 |
March
| Researchers | CVEs |
|---|---|
| (avel) | CVE-2019-14072 |
| Min Jang (@skensita) | CVE-2020-0047 |
| Andrea Possemato (@_pox_) of IDEMIA / EURECOM and Yanick Fratantonio (@reyammer) of EURECOM | CVE-2020-0087 |
| Arash Tohidi | CVE-2020-0010, CVE-2020-0011, CVE-2020-0012, CVE-2020-0042, CVE-2020-0043, CVE-2020-0044 |
| Baozeng Ding (@sploving1) | CVE-2020-0066 |
| Calum Hutton (Perspective Risk) | CVE-2020-0060 |
| Carlo Di Dato of Advantio Ltd. | CVE-2020-0035 |
| Chad Brubaker of Android Platform Security | CVE-2020-0052 |
| Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2020-0033, CVE-2020-0048, CVE-2019-10544, CVE-2019-10623 |
| dex (Marcel Busch) of FAU Security Team, FAU Erlangen-Nuremberg | CVE-2019-10561 |
| Edward Cunningham of Google | CVE-2020-0054, CVE-2020-0061 |
| Eloi Sanfelix and Jordan Gruskovnjak of Blue Frost Security | CVE-2020-0041 |
| Etienne Helluy of Lafont Universit´e de Lille | CVE-2019-14095 |
| Feng Cao of Google | CVE-2020-0031 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-10584, CVE-2020-0055, CVE-2020-0056, CVE-2020-0057, CVE-2020-0058, CVE-2020-0059 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0045 |
| Jann Horn of Google Project Zero | CVE-2019-13272 |
| Joshua Steiner | CVE-2020-0051 |
| Justin Gerhardt | CVE-2020-0062 |
| Michael Specter | CVE-2019-2264 |
| Niky1235 (@jiych_guru) | CVE-2020-0049 |
| Oscar Shu of Google | CVE-2020-0029 |
| Paul Hu of Google | CVE-2020-0036 |
| Peter Park (peterpark) | CVE-2019-14026, CVE-2019-14027, CVE-2019-14028 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0050 |
| Raul Siles, DinoSec | CVE-2020-0083 |
| Richard Neal of Google | CVE-2020-0069 |
| Ricky Wai of Google | CVE-2020-0084 |
| Sulthan Alaudeen (@parallel_beings) | CVE-2019-14079 |
| Tommy Chiu of Google | CVE-2020-0063 |
| Will Coster of Google | CVE-2020-0053 |
| Xuan Xing of Google | CVE-2020-0037, CVE-2020-0038, CVE-2020-0039 |
| Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team | CVE-2019-10592, CVE-2020-0046 |
February
| Researchers | CVEs |
|---|---|
| Alex Epifano (email) | CVE-2020-0018 |
| Colin Cross of Google | CVE-2020-0027 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0005 |
| Gopi Palaniappan of Google | CVE-2020-0021 |
| Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-10567 |
| Güliz Seray Tuncay of Google, from the University of Illinois at Urbana-Champaign, (http://tuncay2.web.engr.illinois.edu) (Güliz Tuncay) (email) | CVE-2019-2200 |
| Jan Ruge of Secure Mobile Networking Lab | CVE-2020-0022 |
| Lance Jiang and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro´s Zero Day Initiative | CVE-2019-14088 |
| Maddie Stone of Google Project Zero | CVE-2020-0030 |
| Matthew Daley | CVE-2020-0023 |
| Ricky Wai of Google | CVE-2020-0014 |
| Yohei Yukawa of Google | CVE-2020-0017 |
January
| Researchers | CVEs |
|---|---|
| Evgenii Stepanov of Google | CVE-2019-10582, CVE-2019-10583, CVE-2020-0008 |
| Jann Horn of Google Project Zero | CVE-2019-17666, CVE-2020-0009 |
| Michal Bednarski | CVE-2020-0001 |
| Mitch Phillips of Google | CVE-2020-0002 |
| Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab | CVE-2019-10486, CVE-2019-10494, CVE-2019-10503 |
| Rong Fan (@fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2020-0004 |
| Steven Moreland of Google | CVE-2020-0007 |
| Xuan Xing of Google | CVE-2020-0006 |
2019
Android 10 security notes
| Researchers | CVEs |
|---|---|
| Aditya Narkar, Joydeep Mitra, and Venkatesh-Prasad Ranganath as part of Ghera project at Kansas State University, USA | CVE-2019-9463 |
| Adrian Roos of Google | CVE-2019-9280 |
| Aman Pandey, Student of Maulana Azad National Institute of Technology Bhopal, M.P, India | CVE-2019-9407 |
| Andrea Possemato (@_pox_) of IDEMIA / EURECOM and Yanick Fratantonio ( @reyammer) of EURECOM | CVE-2019-9292 |
| Andrei Popescu of Google | CVE-2019-9475 |
| Baozeng Ding (@sploving) | CVE-2019-10528 |
| Baozheng Liu (@iromise) of Tsinghua University, research intern at Alpha Lab and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-2088 |
| Chi Zhang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-9237, CVE-2019-9241, CVE-2019-9363 |
| Chirayu Desai of The Calyx Institute | CVE-2019-9436 |
| Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2019-2060, CVE-2019-2146, CVE-2019-2156, CVE-2019-2162, CVE-2019-9234, CVE-2019-9243, CVE-2019-9249, CVE-2019-9250, CVE-2019-9289, CVE-2019-9312, CVE-2019-9329, CVE-2019-9409 |
| Chong Wang (王冲) (weibo.com/csddl) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2019-2140, CVE-2019-2141, CVE-2019-2147, CVE-2019-2159, CVE-2019-2163, CVE-2019-2166, CVE-2019-9251, CVE-2019-9287, CVE-2019-9293, CVE-2019-9318, CVE-2019-9332, CVE-2019-9334, CVE-2019-9355, CVE-2019-9356, CVE-2019-9359, CVE-2019-9366, CVE-2019-9368, CVE-2019-9462, CVE-2019-9383, CVE-2019-9406, CVE-2019-9415, CVE-2019-9416, CVE-2019-9427, CVE-2019-9432, CVE-2019-9434, CVE-2020-0236 |
| Christopher Dombroski of Deja vu Security | CVE-2019-9268 |
| Christopher Tate of Google | CVE-2019-9373 |
| C0RE Team | CVE-2018-11893, CVE-2019-2341 |
| crixer | CVE-2019-9444 |
| Cusas @ L.O. Team | CVE-2019-9346, CVE-2019-9348, CVE-2019-9349, CVE-2019-9352, CVE-2019-9379, CVE-2020-0088 |
| D2.Y.P | CVE-2019-2061, CVE-2019-2080, CVE-2019-2087, CVE-2019-2138, CVE-2019-2144, CVE-2019-2145, CVE-2019-2153, CVE-2019-2154, CVE-2019-2155, CVE-2019-2157, CVE-2019-2160, CVE-2019-2161, CVE-2019-2165, CVE-2019-2171, CVE-2019-2172, CVE-2019-9233, CVE-2019-9314, CVE-2019-9335, CVE-2019-9403, CVE-2019-9408 |
| Dacheng Shao and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-11929, CVE-2019-9445 |
| Daxing Guo of Tencent Security Xuanwu Lab | CVE-2019-10497 |
| derrek (@derrekr6) | CVE-2018-3573, CVE-2018-5861, CVE-2018-11985 |
| Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent | CVE-2019-2298 |
| Dokyung Song, Dipanjan Das, and Felicitas Hetzelt | CVE-2018-11947 |
| Dzmitry Lukyanenka | CVE-2019-9440 |
| Efthimios Alepis and Constantinos Patsakis, Department of Informatics, University of Piraeus, Greece | CVE-2019-9323 |
| Elphet and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2063, CVE-2019-2064, CVE-2019-2065, CVE-2019-2066, CVE-2019-2067, CVE-2019-2068, CVE-2019-2069, CVE-2019-2070, CVE-2019-2071, CVE-2019-2072, CVE-2019-2073, CVE-2019-2074, CVE-2019-2075, CVE-2019-2076, CVE-2019-2077, CVE-2019-2078, CVE-2019-2079, CVE-2019-2086, CVE-2019-9288 |
| En He (@heeeeen4x) of OPPO ZIWU Cyber Security Lab | CVE-2019-9311 |
| Evgenii Stepanov of Google | CVE-2019-9350 |
| Felix Kirchengast and Raphael Spreitzer of Graz University of Technology | CVE-2019-9277 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2018-11825, CVE-2018-13890, CVE-2019-2299, CVE-2019-2302, CVE-2019-2312, CVE-2019-2314, CVE-2019-2314, CVE-2019-9248, CVE-2019-9386, CVE-2019-9448, CVE-2019-9449, CVE-2019-9450, CVE-2019-9451, CVE-2019-9452, CVE-2019-10506 |
| Gengjia Chen (@chengjia4574), pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-14888, CVE-2018-11302, CVE-2019-10542 |
| Greg Hartman of Google | CVE-2019-9429 |
| Gulshan Singh | CVE-2019-2281 |
| Hamzeh Zawawy of Google | CVE-2019-9454 |
| Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-9245 |
| Hao Chen (@flankersky) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-3574, CVE-2018-11939, CVE-2019-2263, CVE-2019-2277, CVE-2019-2345 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2019-9375 |
| heidada | CVE-2019-2248 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-9347 |
| Huinian Yang (杨卉年) (@vmth6) and Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2058 |
| Ivan Lozano of Google | CVE-2019-9420 |
| Janis Danisevskis of Google | CVE-2019-9253 |
| Jeff Davidson of Google | CVE-2019-9263, CVE-2018-9425 |
| Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of 360 Alpha Team | CVE-2019-9402, CVE-2019-9401, CVE-2019-9398, CVE-2019-9396, CVE-2019-9397, CVE-2019-9473 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 | CVE-2018-11823, CVE-2018-11832, CVE-2018-11987, CVE-2018-11988, CVE-2019-2333, CVE-2019-9271, CVE-2019-9443, CVE-2019-9446, CVE-2019-9447, CVE-2019-9456, CVE-2019-10507 |
| Julien Thomas (@Julien_Thomas) | CVE-2019-9269 |
| Kah Hin Lai of University of Minnesota | CVE-2019-9380 |
| kimyok of Tongdun Technology | CVE-2019-9281 |
| Kostya Serebryany of Google, using libFuzzer+AddressSanitizer | CVE-2019-2108 |
| Martijn Bogaard | CVE-2019-2343 |
| Martin Brabham of Google | CVE-2019-9265 |
| Masashi Honma, Hiroyuki Harada (@pirosap), and Hideaki Goto | CVE-2019-9279 |
| Mike Davis | CVE-2019-9270 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2306 |
| Mitch Phillips of Google | CVE-2019-9370 |
| Moony Li and Todd Han of TrendMicro Research working with Trend Micro´s Zero Day Initiative | CVE-2019-9353 |
| Nightwatch Cybersecurity Research | CVE-2018-9489, CVE-2019-9581 |
| Niky1235 (@jiych_guru) | CVE-2019-9290, CVE-2019-9294, CVE-2019-9459 |
| Paul Bandha | CVE-2019-9453 |
| Pedro Umbelino, Security Researcher at Checkmarx | CVE-2019-9295 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2019-2284, CVE-2019-9327, CVE-2019-9328, CVE-2019-9331, CVE-2019-9343, CVE-2019-9367, CVE-2019-9442, CVE-2019-9455, CVE-2019-9458, CVE-2019-10502 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2018-11818 |
| Peter Pi of Tencent Blade Team | CVE-2018-12006, CVE-2018-12011, CVE-2019-9275 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-9358 |
| Ray Essick of Google | CVE-2019-9385 |
| Raymond Wang | CVE-2019-9381 |
| Roman Kümmel aka .cCuMiNn. (www.soom.cz) | CVE-2019-2089 |
| Rong Fan (fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 | CVE-2019-2139 |
| Ryan Haining of Google | CVE-2019-9266 |
| Scott Bauer | CVE-2019-9296 |
| Sigmund Albert Gorski III, Benjamin Andow, and William Enck of North Carolina State University; Sunil Manandhar and Adwait Nadkarni of William & Mary | CVE-2019-9351, CVE-2019-9377, CVE-2019-9438 |
| Stephan Zeisberg of Security Research Labs | CVE-2019-9418 |
| Steven Moreland of Google | CVE-2020-0086 |
| William J. Tolley and Jedidiah R. Crandall, Breakpointing Bad | CVE-2019-9461 |
| Xiangyu Fan of Huawei Terminal Security Test Team | CVE-2019-9426 |
| Xuan Xing of Google | CVE-2017-15844, CVE-2018-11943, CVE-2019-9238, CVE-2019-9239, CVE-2019-9240, CVE-2019-9244 |
| Yang Dai | CVE-2019-9273, CVE-2018-13912 |
| Yang Dai and Xiao Huang | CVE-2019-9276 |
| YanFeng Wang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2182 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-9441 |
| Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2019-9284, CVE-2019-9285, CVE-2019-9286, CVE-2019-9291, CVE-2019-9309, CVE-2019-9326, CVE-2019-9330, CVE-2019-9341, CVE-2019-9342, CVE-2019-9354, CVE-2019-9413, CVE-2019-9417, CVE-2019-9419, CVE-2019-9422 |
| Yue Zhang and Qinglin Liu | CVE-2019-9274 |
| Zhixin Li of NSFocus | CVE-2019-2158 |
| Zhou Lingling of Xuebao Team, Tencent Mobile Security Lab | CVE-2018-11919, CVE-2018-11983, CVE-2018-11984, CVE-2018-13893 |
| Zinuo Han (weibo.com/ele7enxxh) | CVE-2018-11899, CVE-2019-2055, CVE-2019-2059, CVE-2019-2062, CVE-2019-2081, CVE-2019-2082, CVE-2019-2083, CVE-2019-2084, CVE-2019-2085, CVE-2019-2142, CVE-2019-2143, CVE-2019-2148, CVE-2019-2149, CVE-2019-2150, CVE-2019-2151, CVE-2019-2152, CVE-2019-2164, CVE-2019-2167, CVE-2019-2168, CVE-2019-2169, CVE-2019-2170, CVE-2019-9242, CVE-2019-9246, CVE-2019-9247, CVE-2019-9313, CVE-2019-9315, CVE-2019-9316, CVE-2019-9317, CVE-2019-9319, CVE-2019-9320, CVE-2019-9321, CVE-2019-9322, CVE-2019-9333, CVE-2019-9336, CVE-2019-9337, CVE-2019-9338, CVE-2019-9344, CVE-2019-9361, CVE-2019-9362, CVE-2019-9365, CVE-2019-9369, CVE-2019-9400, CVE-2019-9404, CVE-2019-9410, CVE-2019-9411, CVE-2019-9412, CVE-2019-9421, CVE-2019-9430, CVE-2019-9431, CVE-2019-9435, CVE-2019-9474 |
December
| Researchers | CVEs |
|---|---|
| Alexander Bakker | CVE-2019-9465 |
| Ashley Yeh of Google | CVE-2019-2220 |
| Evgenii Stepanov of Google | CVE-2019-2226, CVE-2019-2227, CVE-2019-9468 |
| Fenghao Xu and Kehuan Zhang of The Chinese University of Hong Kong | CVE-2019-2225 |
| Güliz Seray Tuncay from University of Illinois at Urbana-Champaign and Google | CVE-2019-2221 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2019-2217 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 | CVE-2019-2304, CVE-2019-9470, CVE-2019-9471 |
| Pratheesh P Narayanan (@Pratheesh_PPN) | CVE-2019-2232 |
| Lee Harrison and Hayawardh Vijayakumar, Samsung Knox Security | CVE-2019-10513 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2019-10557 |
| Ricky Wai of Google | CVE-2019-2218 |
| Rubin Xu and Janis Danisevskis of Google | CVE-2019-2231 |
| Stephan Zeisberg of Security Research Labs | CVE-2019-2228 |
| Wei Wang of Google | CVE-2019-9464 |
| Peter Park (peterpark) | CVE-2019-10536, CVE-2019-10537 |
| Yu-Cheng Lin (林禹成) (@AndroBugs) | CVE-2019-2229 |
November
| Researchers | CVEs |
|---|---|
| Austin Emmitt of NowSecure | CVE-2019-2205 |
| Bo Zhang of Tencent Blade Team | CVE-2018-11266 |
| Brandon Weeks of Google | CVE-2019-2199 |
| Chong Wang (王冲)(weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2209 |
| Daniel Kachakil of IOActive | CVE-2019-2196, CVE-2019-2198, CVE-2019-2211 |
| derrek | CVE-2019-2321 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-2206 |
| gzobqq@gmail.com | CVE-2019-2213, CVE-2019-2214 |
| Michal Bednarski | CVE-2019-2192, CVE-2019-2195 |
| Seyed Mohammadjavad Seyed Talebi (mjavad) | CVE-2019-10520 |
| Nagarjuna Kristam of Nvidia | CVE-2019-2036 |
| Nick Finco of Google | CVE-2019-2210 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2019-2310 |
| Qi Zhao (赵奇) (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2207 |
| Rong Fan (@fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-2201 |
| Royce D. Williams (@TychoTithonus) | CVE-2019-2233 |
| Tom Craig of Loon | CVE-2019-2197 |
| Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) | CVE-2019-2204, CVE-2019-2208 |
| Xuan Xing of Google | CVE-2019-9467 |
| Zinuo Han of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2019-2202, CVE-2019-2203 |
October
| Researchers | CVEs |
|---|---|
| Dokyung Song (dokyungs@uci.edu) | CVE-2018-11902 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2019-2297, CVE-2019-10563, CVE-2019-10566 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd | CVE-2018-11934 |
| Hui Peng (benquike@gmail.com) and Mathias Payer (mathias.payer@nebelwelt.net) | CVE-2018-19824 |
| Huinian Yang (杨卉年) (@vmth6) and Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2184 |
| Joe0x20 (digforfree) | CVE-2019-2247 |
| Nightwatch Cybersecurity Research | CVE-2019-2114 |
| Maddie Stone of Google Project Zero | CVE-2019-2215 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2187 |
| Satheesh Dabbiru, Om Krishna(omkrishna10@gmail.com), Tito Rodi, Shane Oatman, Krishna Eedula, Dome Pongmongkol, and Brian Melton-Grace of Microsoft Corp. | CVE-2019-2183 |
| Sekshavali Dudekula of Google | CVE-2019-2110 |
| syssec@kaist | CVE-2019-2289 |
| Wen Guanxing of Pangu LAB | CVE-2019-2318 |
| Zinuo Han (weibo.com/ele7enxxh) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. | CVE-2019-2185, CVE-2019-2186 |
September
| Researchers | CVEs |
|---|---|
| Chi Fung Wong (@warenix) | CVE-2019-2103 |
| Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-10505 |
| Cyrille Chatras of Orange Labs | CVE-2019-2174 |
| derrek (@derrekr6) | CVE-2018-6240 |
| Dzmitry Lukyanenka | CVE-2019-2124 |
| gzobqq@gmail.com | CVE-2019-2181 |
| heidada | CVE-2019-2258 |
| Janis Danisevskis of Google | CVE-2019-2115 |
| Jann Horn of Google Project Zero | CVE-2019-2177, CVE-2019-10529 |
| Kostya Serebryany of Google, using libFuzzer+AddressSanitizer | CVE-2019-2108 |
| Lee Campbell of Google | CVE-2019-2175 |
| Mathieu Cunche, Célestin Matte, and Mathy Vanhoef | CVE-2019-10504 |
| Michał Bednarski (michalbednarski) | CVE-2019-2123, CVE-2019-9254 |
| Mitch Phillips of Google | CVE-2019-2176 |
| Niky1235 (@jiych_guru) | CVE-2019-2179 |
| Peter Pi of Tencent | CVE-2019-2324, CVE-2019-2325 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2178 |
| Stephan Zeisberg (stze) of Security Research Labs | CVE-2019-2180 |
| Xuan Xing of Google | CVE-2017-17768 |
August
| Researchers | CVEs |
|---|---|
| Chao Dai and Cusas of L.O. Team | CVE-2019-2129 |
| Cláudio André (@clviper) | CVE-2019-2120 |
| Cusas of L.O. Team | CVE-2019-2126 |
| Evgenii Stepanov of Google | CVE-2019-2128 |
| Fernando Miguel | CVE-2019-2122 |
| Joshua Steiner | CVE-2019-2125, CVE-2019-2137 |
| Kah Hin Lai, Danyang Wang, Sheng Xun Ong, and Hao Lee Yu of University of Minnesota | CVE-2019-2131 |
| Michal Bednarski (michalbednarski) | CVE-2019-2121 |
| Mitch Phillips of Google | CVE-2019-2127 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2135 |
| Steven Moreland of Google | CVE-2019-2136 |
| Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) | CVE-2019-2130 |
| Xiling Gong of Tencent Blade Team | CVE-2019-2252, CVE-2019-2279,CVE-2019-10538, CVE-2019-10539, CVE-2019-10540 |
| Xuan Xing of Google | CVE-2019-2133, CVE-2019-2134 |
July
| Researchers | CVEs |
|---|---|
| Alex Abfalter of Google | CVE-2019-2111 |
| Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2105 |
| Cusas of L.O. Team | CVE-2019-2113 |
| Evgenii Stepanov of Google | CVE-2019-2112 |
| Hao Chen (@flankersky) | CVE-2019-2346 |
| Janis Danisevskis of Google | CVE-2019-2119 |
| Kostya Serebryany of Google, using libFuzzer and AddressSanitizer | CVE-2019-2106, CVE-2019-2107 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2019-2305 |
| Peter Pi of Tencent | CVE-2019-2326 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2118 |
| Steven Moreland of Google | CVE-2019-2104 |
| Tao Sauvage of IOActive | CVE-2019-2117 |
| Xuan Xing of Google | CVE-2019-2116 |
June
| Researchers | CVEs |
|---|---|
| Andrey Konovalov of Google | CVE-2019-2101 |
| Cusas of L.O. Team | CVE-2019-2094 |
| Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2096 |
| Matt Beaver and Erik Peterson of Microsoft Corp. | CVE-2019-2102 |
| Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2099 |
| Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) | CVE-2019-2097 |
| Wyatt Riley of Google | CVE-2018-9526 |
| Xiling Gong of Tencent Blade Team | CVE-2019-2287 |
May
| Researchers | CVEs |
|---|---|
| Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2053 |
| Cusas of L.O. Team | CVE-2019-2044 |
| derrek (@derrekr6) | CVE-2018-6243, CVE-2018-13898, CVE-2018-13908 |
| Evgenii Stepanov of Google | CVE-2019-2049 |
| Jann Horn of Google Project Zero | CVE-2019-2054 |
| Ji Zhang (@opc0nt7) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2050 |
| Joshua Steiner | CVE-2019-2043 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2018-11955 |
| Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) | CVE-2019-2045, CVE-2019-2046, CVE-2019-2047, CVE-2019-2051, CVE-2019-2052 |
| Wen Guanxing of Pangu LAB | CVE-2018-13910 |
| Xiling Gong of Tencent Blade Team | CVE-2018-5912, CVE-2019-2256 |
April
| Researchers | CVEs |
|---|---|
| Andreas Burtzlaff | CVE-2019-2037 |
| C0RE Team | CVE-2018-11937 |
| Cody Schuffelen of Google | CVE-2019-2030 |
| Dokyung Song, Dipanjan Das, and Felicitas Hetzelt | CVE-2018-11902 |
| Gengjia Chen ( @chengjia4574) | CVE-2018-5855 |
| Gengjia Chen (@chengjia4574) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2018-11905 |
| Hao Chen ( @flankersky) | CVE-2018-11953 |
| Hao Chen ( @flankersky) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-11904 |
| Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 | CVE-2019-2032 |
| Mathieu Cunche, Célestin Matte, INSA-Lyon, Inria, and Mathy Vanhoef, imec-DistriNet, KU Leuven | CVE-2018-11291 |
| NCC Group | CVE-2018-11976 |
| Pengfei Ding (丁鹏飞) of Huawei | CVE-2018-11940 |
| Qi Zhao ( @JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2027, CVE-2019-2034 |
| Roman Mihálik, Bratislava | CVE-2019-2041 |
| Scott Bauer ( email) | CVE-2017-17772 |
| Suresh Sivaraman of Ittiam | CVE-2019-2028 |
| Wenke Dou (email), Chi Zhang (email), and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2029, CVE-2019-2033 |
| Xuan Xing of Google | CVE-2019-2031, CVE-2019-2035, CVE-2019-2040 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-2038, CVE-2019-2039 |
March
| Researchers | CVEs |
|---|---|
| Adrian Tang of Columbia University (CLKSCREW paper) | CVE-2017-8252 |
| Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2008 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2019-2025 |
| Jann Horn of Google Project Zero | CVE-2019-2023 |
| Jianjun Dai ( @jioun_dai) and Guang Gong ( @oldfresher) of 360 Alpha Team | CVE-2019-2009 |
| Mark Brand of Google Project Zero | CVE-2019-2011 |
| Niky1235 ( @jiych_guru) | CVE-2019-2019 |
| Qi Zhao ( @JHyrathon) and Guang Gong ( @oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2019-2017 |
| Wangtao (neobyte) of Alibaba Orion Security Lab | CVE-2019-2004 |
| Xiangqian Zhang ( @h3rb0x), m4bln, and Huiming Liu of Tencent Security Xuanwu Lab | CVE-2019-2003 |
| Xuan Xing of Google | CVE-2018-9563, CVE-2018-9564, CVE-2019-2012, CVE-2019-2013, CVE-2019-2014, CVE-2019-2015, CVE-2019-2022 |
| Yong Wang (王勇) ( @ThomasKing2014) of Alibaba Security | CVE-2019-2016 |
| Yongke Wang (王永科) ( @Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2019-2010 |
| Zach Riggle ( @ebeip90) of the Android Security Team | CVE-2019-2007 |
| Zinuo Han ( weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9561, CVE-2019-2020, CVE-2019-2021 |
February
| Researchers | CVEs |
|---|---|
| Andr. Ess | CVE-2019-1994 |
| Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-1993 |
| derrek (@derrekr6) | CVE-2018-11289, CVE-2018-11820, CVE-2018-11938, CVE-2018-11864 |
| Dzmitry Lukyanenka | CVE-2019-1995 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-6268, CVE-2018-6271 |
| Jann Horn of Google Project Zero | CVE-2019-1999, CVE-2019-2000 |
| Leon Scroggins of Google | CVE-2019-1986, CVE-2019-1987, CVE-2019-1988 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-6267 |
| Rich Cannings of Google | CVE-2019-1997 |
| Tencent Blade Team | CVE-2018-5839 |
| Xuan Xing of Google | CVE-2018-11262, CVE-2018-11275 |
| Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2019-1996 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2019-1991, CVE-2019-1992 |
January
| Researchers | CVEs |
|---|---|
| Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9589 |
| D2.Y.P of NON Team | CVE-2018-9594 |
| Dzmitry Lukyanenka | CVE-2018-9587 |
| Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-6241 |
| Jann Horn of Google Project Zero | CVE-2018-17182, CVE-2018-18281 |
| Maddie Stone of Google | CVE-2018-9586 |
| Niky1235 (@jiych_guru) | CVE-2018-9584 |
| Ricky Wai of Google | CVE-2018-9582 |
| Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2018-9585, CVE-2018-9588 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9583, CVE-2018-9590, CVE-2018-9591, CVE-2018-9592, CVE-2018-9593 |
2018
In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.
December
| Researchers | CVEs |
|---|---|
| Baozeng Ding (@sploving1) | CVE-2017-18320 |
| Daniel Micay (@DanielMicay) | CVE-2018-9567 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9557 |
| Joydeep Mitra and Venkatesh-Prasad Ranganath of Ghera project at Kansas State University, USA | CVE-2018-9548 |
| Mingjian Zhou (周明建) ( @Mingjian_Zhou) of C0RE Team | CVE-2018-9547 |
| Newroot (@newroot) | CVE-2018-9560 |
| Scott Bauer (@ScottyBauer1) | CVE-2018-9555, CVE-2018-9558, CVE-2018-9566 |
| Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. | CVE-2018-9568 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9549, CVE-2018-9552, CVE-2018-9553, CVE-2018-9562 |
November
| Researchers | CVEs |
|---|---|
| Amar Menezes of MWR Labs | CVE-2018-9524 |
| Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9569, CVE-2018-9570, CVE-2018-9573, CVE-2018-9576, CVE-2018-9577 |
| En He (@heeeeen4x) and Bo Liu of MS509Team (www.ms509.com) | CVE-2018-9457 |
| Joshua Laney of Deja vu Security | CVE-2018-9542 |
| Michał Bednarski | CVE-2018-9522, CVE-2018-9523 |
| Niky1235 (@jiych_guru) | CVE-2018-9347 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2018-9539 |
| Xiaobo Xiang of IIE; Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9571, CVE-2018-9572, CVE-2018-9574, CVE-2018-9575 |
| Yongke Wang (@Rudykewang) and Xiangqian Zhang (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2018-9540, CVE-2018-9541 |
| Zinuo Han(weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9527, CVE-2018-9544, CVE-2018-9545, CVE-2018-9578 |
October
| Researchers | CVEs |
|---|---|
| Abhishek Sidharthan (Amrita School of Engineering) and Pratheesh P Narayanan (Sree Narayana Gurukulam College of Engineering) | CVE-2018-9452 |
| Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9503, CVE-2018-9505 |
| Daniel Kachakil, Senior Security Consultant, IOActive | CVE-2018-9493, CVE-2018-9546 |
| Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9490 |
| Jann Horn of Google Project Zero | CVE-2018-9514, CVE-2018-9515 |
| Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd | CVE-2017-13283 |
| Michał Bednarski | CVE-2018-9492 |
| Niky1235 (@jiych_guru) | CVE-2018-9473 |
| Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab (华为移动安全实验室) | CVE-2018-9506, CVE-2018-9507 |
| Raymond Wang | CVE-2018-9501 |
| Stephan Zeisberg of Security Research Labs | CVE-2018-9497 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2018-9499 |
| Yongke Wang (@Rudykewang) and Xiangqian Zhang (@h3rb0x) of Tencent Security Xuanwu Lab | CVE-2018-9502, CVE-2018-9508, CVE-2018-9509, CVE-2018-9510 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9476, CVE-2018-9498, CVE-2018-9504 |
September
| Researchers | CVEs |
|---|---|
| Baozeng Ding (@sploving1), Chengming Yang, and Yang Song of Alibaba Mobile Security Group | CVE-2018-9517 |
| Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9480, CVE-2018-9481, CVE-2018-9482, CVE-2018-9485 |
| Cusas of L.O. Team | CVE-2018-9440, CVE-2018-9467 |
| Daniel Kachakil, Senior Security Consultant, IOActive | CVE-2018-9468 |
| En He (@heeeeen4x) and Bo Liu of MS509Team (ms509.com) | CVE-2018-9475 |
| Hector Cuesta Garcia (@HectorCuesta) of Innotec System | CVE-2018-9470 |
| Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-11261 |
| Jann Horn of Google Project Zero | CVE-2018-9488 |
| Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9478, CVE-2018-9479 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 | CVE-2018-9516 |
| M3, Inc. | CVE-2018-9469 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-11816 |
| Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab (华为移动安全实验室) | CVE-2018-9519 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2018-9411 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9471, CVE-2018-9474, CVE-2018-9483, CVE-2018-9484, CVE-2018-9486 |
August
| Researchers | CVEs |
|---|---|
| Chao Dai @ L.O. Team | CVE-2018-9437 |
| Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9436, CVE-2018-9448, CVE-2018-9454, CVE-2018-9455 |
| Dinesh Venkatesan (@malwareresearch) of Symantec | CVE-2017-13295 |
| Dzmitry Lukyanenka | CVE-2018-9459, CVE-2018-9461 |
| En He (@heeeeen4x) and Bo Liu of MS509Team | CVE-2017-13242, CVE-2018-9457 |
| Francesco Pinci | CVE-2018-9447 |
| Jann Horn of Google Project Zero | CVE-2018-9445 |
| Joshua Steiner of Introne Apps | CVE-2017-13322 |
| Scott Bauer (@ScottyBauer1) | CVE-2018-9441 |
| Tencent Blade Team | CVE-2017-18306, CVE-2017-18307 |
| Tong Lin (segfault5514@gmail.com) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-9439 |
| V.E.O (@VYSEa) of Mobile Security Research Team, Trend Micro | CVE-2018-9444 |
| Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9435, CVE-2018-9446, CVE-2018-9449, CVE-2018-9450, CVE-2018-9451, CVE-2018-9453 |
July
| Researchers | CVEs |
|---|---|
| Baozeng Ding (丁保增) (@sploving) of Pandora Lab, Ali Security | CVE-2018-9422 |
| Billy Lau of Android Security Research | CVE-2018-9416 |
| Cusas of L.O. Team | CVE-2018-9412 |
| En He (@heeeeen4x) and Bo Liu of MS509Team | CVE-2018-9432, CVE-2018-9414 |
| Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9433 |
| Jann Horn of Google Project Zero | CVE-2018-9434 |
| Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9418, CVE-2018-9419, CVE-2018-9413, CVE-2018-9365 |
| Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 | CVE-2018-9417 |
| Nathan Crandall (@natecray) of Tesla's Product Security Team | CVE-2017-0606 |
| niky1235 (jiych.guru@gmail.com, @jiych_guru) | CVE-2018-9423 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2017-15851 |
| Scott Bauer (@ScottyBauer1) | CVE-2018-9430 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2018-9411 |
| Tencent Blade Team | CVE-2018-9421, CVE-2018-9420 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2018-9415 |
| Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9410, CVE-2018-9424, CVE-2018-9431 |
June
| Researchers | CVEs |
|---|---|
| Baozeng Ding (丁保增) (@sploving1) of Pandora Lab, Ali Security | CVE-2018-5857, CVE-2018-9389 |
| Daniel Kachakil of IOActive | CVE-2018-9375 |
| derrek (@derrekr6) | CVE-2017-6290, CVE-2017-6292, CVE-2017-6294 |
| Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-9348 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-5899 |
| Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd | CVE-2018-9381, CVE-2018-9358, CVE-2018-9359, CVE-2018-9360, CVE-2018-9361, CVE-2018-9357, CVE-2018-9356 |
| joe0x20@gmail.com | CVE-2018-5898 |
| Jose Martinez | CVE-2018-5146 |
| Julien Thomas (@Julien_Thomas) of Protektoid.com | CVE-2018-9374 |
| Michał Bednarski | CVE-2018-9339 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-9344 |
| Niky1235 (@jiych_guru) | CVE-2017-13230, CVE-2018-9347 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) |
CVE-2018-5832, CVE-2018-5896, CVE-2018-5897 |
| Qing Dong of 360 Beaconlab | CVE-2018-9386 |
| Scott Bauer (@ScottyBauer1) | CVE-2018-9388, CVE-2018-9355, CVE-2018-9380 |
| Stephan Zeisberg of Security Research Labs | CVE-2018-9350, CVE-2018-9352, CVE-2018-9353, CVE-2018-9341 |
| Tencent Blade Team | CVE-2018-9345, CVE-2018-9346 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-0564 |
| Yuan-Tsung Lo of C0RE Team | CVE-2017-13079, CVE-2017-13081 |
| 华为移动安全实验室的钱育波 | CVE-2018-9363 |
| Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2018-9340, CVE-2018-9338, CVE-2018-9378 |
May
| Researchers | CVEs |
|---|---|
| Corinna Vinschen | CVE-2018-5853 |
| derrek (@derrekr6) | CVE-2017-6293, CVE-2018-6246 |
| Gengjia Chen (@chengjia4574) and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-18153 |
| Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2017-18154 |
| Hongli Han (@HexB1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2018-6254 |
| Joshua Steiner of Introne Apps | CVE-2017-13322 |
| Michał Bednarski | CVE-2017-13310, CVE-2017-13311 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2017-15857, CVE-2018-5852 |
| Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd | CVE-2017-13321, CVE-2017-13318, CVE-2017-13323, CVE-2017-13319, CVE-2017-13317 |
April
| Researchers | CVEs |
|---|---|
| Billy Lau of Google | CVE-2017-13305 |
| Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd | CVE-2017-13287 |
| Chong Wang and Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd | CVE-2017-13289, CVE-2017-13286 |
| Cusas @ Huawei L.O. Team | CVE-2017-13279 |
| Daxing Guo of Tencent's Xuanwu Lab | CVE-2017-13292, CVE-2017-13303 |
| Dinesh Venkatesan (@malwareresearch) of Symantec | CVE-2017-13295 |
| Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd | CVE-2017-13276 |
| En He (@heeeeen4x) and Bo Liu of MS509Team | CVE-2017-13294 |
| Eric Leong (@ericwleong) | CVE-2017-13301 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2018-3596 |
| Haosheng Wang (@gnehsoah) | CVE-2017-13280 |
| Jean-Baptiste Cayrou (@jbcayrou) | CVE-2017-13284 |
| Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd | CVE-2017-13291, CVE-2017-13283, CVE-2017-13282, CVE-2017-13281, CVE-2017-13267 |
| Patrick Delvenne (@wintzx) of Orange Labs | CVE-2018-3584 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2017-13306, CVE-2017-13290, CVE-2017-15837 |
| Tencent Blade Team | CVE-2017-15853 |
| Vasily Vasiliev | CVE-2017-13297 |
| Weichao Sun of Alibaba Inc (@sunblate) | CVE-2017-13277 |
| Yang Dai and Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd | CVE-2017-13304 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd | CVE-2017-8269, CVE-2017-13307, CVE-2018-5826 |
| Zhongwen & Chao Dai @ Huawei L.O. Team | CVE-2017-13274 |
| Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd | CVE-2017-13288, CVE-2017-13298, CVE-2017-13296, CVE-2017-13299, CVE-2017-13275, CVE-2017-13285 |
March
| Researchers | CVEs |
|---|---|
| Billy Lau of Google | CVE-2017-14879 |
| Daniel Micay of Copperhead Security | CVE-2017-13265 |
| Dacheng Shao and Mingjian Zhou (周明建) | CVE-2017-6288 |
| Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-13254 |
| Jake Corina of Shellphish Grill Team | CVE-2018-3560 |
| Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-13266, CVE-2017-13256, CVE-2017-13255 |
| Julian Rauchberger | CVE-2017-13258 |
| Hongli Han (@hexb1n), Dacheng Shao, and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2017-6287 |
| Hongli Han (@HexB1n) and Mingjian Zhou (周明建)(@Mingjian_Zhou) of C0RE Team | CVE-2017-6286, CVE-2017-6285, CVE-2017-6281 |
| Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2017-13262, CVE-2017-13261, CVE-2017-13260, CVE-2017-11029, CVE-2017-15814 |
| Peter Pi of Tencent Security Platform Department | CVE-2017-13269 |
| Sang Shin Jung of Deja vu Security | CVE-2017-13270 |
| Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team | CVE-2017-13253 |
| Vasily Vasiliev | CVE-2017-13249, CVE-2017-13248, CVE-2017-13264 |
| Wish Wu (@wish_wu 吴潍浠 此彼) of Ant-financial Light-Year Security Lab | CVE-2017-13259, CVE-2017-13272 |
| Yaoguang Chen of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) | CVE-2017-13257, CVE-2017-13268 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-13271 |
| ZhangBo of Tencent Security Platform Department | CVE-2017-18069 |
| Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2017-13252, CVE-2017-13251, CVE-2018-3561 |
February
| Researchers | CVEs |
|---|---|
| Aaron Willey, autoprime (@utoprime), and Tyler Montgomery (@tylerfixer) of Team Codefire | CVE-2017-13238 |
| Cusas (华为公司的cusas) | CVE-2017-13235 |
| Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-13229 |
| En He (@heeeeen4x) and Bo Liu of MS509Team | CVE-2017-13242 |
| Gal Beniamini of Google | CVE-2017-13236 |
| Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-13245 |
| Hongli Han (@HexB1n), Dacheng Shao and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-6258 |
| Hongli Han (@HexB1n), Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-17767, CVE-2017-6279 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2017-13241, CVE-2017-13231 |
| Nightwatch Cybersecurity Research | CVE-2017-13243 |
| Niky1235 (@jiych_guru) | CVE-2017-13230, CVE-2017-13234 |
| Outware | CVE-2017-13239 |
| Qidan He (@flanker_hqd) of PDD Security Team | CVE-2017-13246 |
| Xiling Gong of Tencent Security Platform Department | CVE-2017-15852 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2017-13273 |
| ZhangBo of Tencent Security Platform Department | CVE-2015-9016 |
| Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2017-13232 |
January
| Researchers | CVEs |
|---|---|
| Adong Zhang (张阿东), Chao Liu (刘超), and Jinguang Dong (董金光) | CVE-2017-13215 |
| Amar Menezes of MWR Labs | CVE-2017-13212 |
| Andy Tyler (@ticarpi) of e2e-assure | CVE-2017-0846 |
| Baozeng Ding (@sploving), Chengming Yang, and Yang Song of Pandora Lab, Ali Security | CVE-2017-13222, CVE-2017-13220 |
| Billy Lau of Google | CVE-2017-14879 |
| Cameron Gutman | CVE-2017-13214 |
| Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-13178, CVE-2017-13179 |
| Gal Beniamini of Google | CVE-2017-13209 |
| Haosheng Wang (@gnehsoah) | CVE-2017-13198 |
| Hongli Han (@HexB1n) and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-13183, CVE-2017-13180 |
| Hongli Han (@HexB1n), Dacheng Shao, and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-13194 |
| Max Moroz of Google | CVE-2017-13224 |
| Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team | CVE-2017-13184, CVE-2017-13201 |
| Niky1235 (@jiych_guru) | CVE-2017-0855, CVE-2017-13195, CVE-2017-13181 |
| tintinweb | CVE-2017-13208 |
| Tongxin Li and Xinhui Han of Peking University; Luyi Xing, Nan Zhang, Xueqiang Wang, and XiaoFeng Wang of Indiana University Bloomington; Xiaolong Bai of Tsinghua University; and Kai Chen of IIE, Chinese Academy of Sciences | CVE-2017-13176 |
| V.E.O (@VYSEa) of Mobile Threat Response Team, Trend Micro | CVE-2017-13196, CVE-2017-13186 |
| Wolfu (付敬贵) of Tencent Security Platform Department | CVE-2017-13219, CVE-2017-13207 |
| Xuan Xing of Google | CVE-2017-13217 |
| Yangkang (@dnpushme) of Qihoo360 Qex Team | CVE-2017-13200 |
| Yongke Wang (@Rudykewang) and Yuebin Sun of Tencent's Xuanwu Lab | CVE-2017-13202 |
| Yuan-Tsung Lo of C0RE Team | CVE-2017-13213, CVE-2017-13221 |
| Yu Pan and Yang Dai of Vulpecker Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-0869 |
| Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2017-13206, CVE-2017-13188, CVE-2017-13185 |
2017
| Researcher | CVEs |
|---|---|
| ADlab of Venustech | CVE-2017-0630 |
| Alexander Potapenko of Google Dynamic Tools team | CVE-2017-0537 |
| Alexandru Blanda | CVE-2017-0390 |
| Amir Cohen of Ben Gurion University Cyber Lab | CVE-2017-0650 |
| Ao Wang (@ArayzSegment) of Pangu Team | CVE-2017-0691, CVE-2017-0700 |
| Aravind Machiry of Shellphish Grill Team, University of California, Santa Barbara | CVE-2017-0865 |
| Dr. Asaf Shabtai of Ben Gurion University Cyber Lab | CVE-2017-0650 |
| Baozeng Ding (@sploving1) of Alibaba Mobile Security Group | CVE-2017-0463, CVE-2017-0506, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9703, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170 |
| Ben Actis (@Ben_RA) | CVE-2016-8461 |
| Ben Seri of Armis, Inc. | CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 |
| Billy Lau of Android Security | CVE-2017-0335, CVE-2017-0336, CVE-2017-0338, CVE-2017-0460, CVE-2017-8263, CVE-2017-9682, CVE-2017-13162 |
| Bo Liu of MS509Team | CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645, CVE-2017-0784, CVE-2017-11042 |
| Chao Yang of Alibaba Mobile Security Group | CVE-2016-10280, CVE-2016-10281, CVE-2017-0565 |
| Chenfu Bao (包沉浮) of Baidu X-Lab (百度安全实验室) | CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Chengming Yang of Alibaba Mobile Security Group | CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170 |
| Chenxiong Qian of Georgia Tech | CVE-2017-0860 |
| Chi Zhang of C0RE Team | CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0765, CVE-2017-0836, CVE-2017-0857, CVE-2017-0880, CVE-2017-13166 |
| Chiachih Wu (@chiachih_wu) of C0RE Team | CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448 |
| Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2017-0758 |
| Cong Zheng (@shellcong) of Palo Alto Networks | CVE-2017-0752 |
| Constantinos Patsakis of University of Piraeus | CVE-2017-0807 |
| Cusas (华为公司的cusas) | CVE-2017-0870 |
| Dacheng Shao of C0RE Team | CVE-2017-0483, CVE-2017-0739, CVE-2017-0769, CVE-2017-0801 |
| Daniel Dakhno | CVE-2017-0420 |
| Daniel Micay of Copperhead Security | CVE-2017-0397, CVE-2017-0405, CVE-2017-0410, CVE-2017-0826, CVE-2017-13160 |
| Daxing Guo (@freener0) of Xuanwu Lab, Tencent | CVE-2017-0386, CVE-2017-0553, CVE-2017-0585, CVE-2017-0706 |
| derrek (@derrekr6) | CVE-2016-8413, CVE-2016-8477, CVE-2017-0392, CVE-2017-0521, CVE-2017-0531, CVE-2017-0576, CVE-2017-8260 |
| Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent | CVE-2016-8412, CVE-2016-8427, CVE-2016-8444, CVE-2016-10287, CVE-2017-0334, CVE-2017-0403, CVE-2017-0427, CVE-2017-0456, CVE-2017-0457, CVE-2017-0525, CVE-2017-8265 |
| donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara | CVE-2016-5349, CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472 |
| Dzmitry Lukyanenka | CVE-2017-0414, CVE-2017-0703, CVE-2017-0808, CVE-2017-13157, CVE-2017-13158, CVE-2017-13159 |
| Ecular Xu (徐健) of Trend Micro | CVE-2017-0599, CVE-2017-0635, CVE-2017-0641, CVE-2017-0643, CVE-2017-0859 |
| Efthimios Alepis of University of Piraeus | CVE-2017-0807 |
| Elphet of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-0692, CVE-2017-0694, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775 |
| En He (@heeeeen4x) of MS509Team | CVE-2017-0394, CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645, CVE-2017-0784, CVE-2017-11042 |
| Eric Lafortune of GuardSquare | CVE-2017-13156 |
| Ethan Yonker of Team Win Recovery Project | CVE-2017-0493 |
| Fang Chen of Sony Mobile Communications Inc. | CVE-2017-0481 |
| Frank Liberato of Chrome | CVE-2017-0409 |
| Gal Beniamini of Project Zero | CVE-2017-0411, CVE-2017-0412, CVE-2017-0561, CVE-2017-0569 CVE-2017-0570, CVE-2017-0571, CVE-2017-0572 |
| Gengjia Chen (@chengjia4574) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2016-8464, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, CVE-2017-0432, CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0509, CVE-2017-0524, CVE-2017-0529, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573, CVE-2017-0581, CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649, CVE-2017-0744, CVE-2017-6426, CVE-2017-8243, CVE-2017-8244, CVE-2017-8266, CVE-2017-8270, CVE-2017-9691, CVE-2017-10997 |
| Godzheng (郑文选 @VirtualSeekers) of Tencent PC Manager | CVE-2017-0602, CVE-2017-0646 |
| Google WebM Team | CVE-2017-0393 |
| Gregory Vishnepolsky of Armis, Inc. | CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785 |
| Guang Gong (龚广) (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465, CVE-2016-8476, CVE-2016-10283, CVE-2017-0387, CVE-2017-0415, CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2017-0453, CVE-2017-0454, CVE-2017-0461, CVE-2017-0464, CVE-2017-0547, CVE-2017-0567, CVE-2017-0574, CVE-2017-0575, CVE-2017-0577, CVE-2017-0580, CVE-2017-0584, CVE-2017-0692, CVE-2017-0694, CVE-2017-0727, CVE-2017-0748, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775, CVE-2017-0786, CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791, CVE-2017-0792, CVE-2017-0825, CVE-2017-6424, CVE-2017-14904 |
| Guangdong Bai of Singapore Institute of Technology (SIT) | CVE-2017-0496 |
| Güliz Seray Tuncay of the University of Illinois at Urbana-Champaign | CVE-2017-0593 |
| Guo Haoran of King Team | CVE-2017-13172 |
| Hanxiang Wen of C0RE Team | CVE-2017-0400, CVE-2017-0418, CVE-2017-0479, CVE-2017-0480, CVE-2017-0665, CVE-2017-0681, CVE-2017-0737, CVE-2017-14904 |
| Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465, CVE-2016-8476, CVE-2016-10283, CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2017-0453, CVE-2017-0454, CVE-2017-0461, CVE-2017-0464, CVE-2017-0567, CVE-2017-0574, CVE-2017-0575, CVE-2017-0577, CVE-2017-0580, CVE-2017-0584, CVE-2017-0748, CVE-2017-0786, CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791, CVE-2017-0792, CVE-2017-0825, CVE-2017-6424 |
| Hao Qin of Security Research Lab, Cheetah Mobile | CVE-2017-11056 |
| Hiroki Yamamoto of Sony Mobile Communications Inc. | CVE-2017-0481 |
| Hongli Han (@HexB1n) of C0RE Team | CVE-2017-0384, CVE-2017-0385, CVE-2017-0731, CVE-2017-0739, CVE-2017-13154, CVE-2017-6276 |
| hujianfei of Qihoo360 Qex Team | CVE-2017-0753 |
| Ian Foster (@lanrat) | CVE-2017-0554 |
| Jack Tang of Trend Micro Inc. | CVE-2017-0579, CVE-2017-9706 |
| Jake Corina of Shellphish Grill Team | CVE-2017-0636, CVE-2017-0802 |
| Jason Gu of Trend Micro | CVE-2017-0780 |
| Jeff Sharkey of Google | CVE-2017-0421, CVE-2017-0423 |
| Jeff Trim | CVE-2017-0422 |
| Jeremy Huang (@bittorrent3389) of King Team | CVE-2017-13172 |
| Jianjun Dai (@Jioun_dai) of Qihoo 360 Skyeye Labs | CVE-2017-0478, CVE-2017-0541, CVE-2017-0559 |
| Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360 | CVE-2016-5346, CVE-2016-8416, CVE-2016-8475, CVE-2016-8478, CVE-2017-0445, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519, CVE-2017-0533, CVE-2017-0534, CVE-2017-0862, CVE-2017-6425, CVE-2017-8233, CVE-2017-8261, CVE-2017-8268, CVE-2017-9718, CVE-2017-1000380 |
| Joey Brand of Census Consulting Inc. | CVE-2017-0698 |
| Jon Sawyer (@jcase) | CVE-2016-8461, CVE-2016-8462 |
| Jose Martinez | CVE-2017-0841 |
| Juhu Nie of Xiaomi Inc. | CVE-2016-10276 |
| Jun Cheng of Alibaba Inc. | CVE-2017-0404 |
| Justin Paupore of Google | CVE-2017-0831 |
| Kevin Deus of Google | CVE-2017-11052, CVE-2017-11054, CVE-2017-11055, CVE-2017-11062 |
| Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) | CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794 CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-10999, CVE-2017-11001, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Liyadong of Qex Team, Qihoo 360 | CVE-2017-0647 |
| Lorenzo Nicolodi | CVE-2017-13165 |
| Lubo Zhang of C0RE Team | CVE-2016-8479, CVE-2017-0564, CVE-2017-7368 |
| ma.la of LINE Corporation | CVE-2016-5552 |
| Makoto Onuki of Google | CVE-2017-0491 |
| Marco Bartoli (@wsxarcher) | CVE-2017-0712 |
| Mark Salyzyn of Google | CVE-2017-0558 |
| Max Spector of Google | CVE-2017-0416 |
| Michael Goberman of IBM Security X-Force | CVE-2016-8467 |
| Michal Bednarski | CVE-2017-0598, CVE-2017-0806, CVE-2017-0871 |
| Mike Anderson (@manderbot) of Tesla Motors Product Security Team | CVE-2017-0327, CVE-2017-0328 |
| Mingjian Zhou (@Mingjian_Zhou) of C0RE Team | CVE-2017-0383, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0665, CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0731, CVE-2017-0737, CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779, CVE-2017-0801, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816, CVE-2017-0836, CVE-2017-0837, CVE-2017-0840, CVE-2017-0857, CVE-2017-8080, CVE-2017-6276, CVE-2017-13152, CVE-2017-13154, CVE-2017-13166, CVE-2017-13169, CVE-2017-14904 |
| Monk Avel | CVE-2017-0396, CVE-2017-0399 |
| Nan Li of Xiaomi Inc. | CVE-2016-10276 |
| Nathan Crandall (@natecray) | CVE-2017-0535 |
| Nathan Crandall (@natecray) of Tesla Motors Product Security Team | CVE-2017-0306, CVE-2017-0327, CVE-2017-0328, CVE-2017-0331, CVE-2017-0606, CVE-2017-8242, CVE-2017-9679 |
| Nick Stephens of Shellphish Grill Team | CVE-2017-0636, CVE-2017-0802 |
| Nikolay Elenkov of LINE Corporation | CVE-2016-5552 |
| Niky1235 (@jiych_guru) | CVE-2017-0603, CVE-2017-0670, CVE-2017-0697, CVE-2017-0726, CVE-2017-0818 |
| Ning You of Alibaba Mobile Security Group | CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0565 |
| Nitay Artenstein of Exodus Intelligence | CVE-2017-9417 |
| Omer Shwartz of Ben Gurion University Cyber Lab | CVE-2017-0650 |
| Peide Zhang of Vulpecker Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-0618, CVE-2017-0625 |
| Peng Xiao of Alibaba Mobile Security Group | CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0842 |
| Pengfei Ding (丁鹏飞) of Baidu X-Lab (百度安全实验室) | CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090 |
| Peter Pi of Tencent Security Platform Department | CVE-2017-11046, CVE-2017-11091 |
| Peter Pi (@heisecode) of Trend Micro | CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, CVE-2016-8460, CVE-2016-8469, CVE-2016-8473, CVE-2016-8474 |
| pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2016-5346, CVE-2016-8416, CVE-2016-8464, CVE-2016-8475, CVE-2016-8478, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, CVE-2017-0432, CVE-2017-0434, CVE-2017-0445, CVE-2017-0446, CVE-2017-0447, CVE-2017-0458, CVE-2017-0459, CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0509, CVE-2017-0518, CVE-2017-0519, CVE-2017-0524, CVE-2017-0529, CVE-2017-0533, CVE-2017-0534, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573, CVE-2017-0581, CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649, CVE-2017-0744, CVE-2017-0862, CVE-2017-6425, CVE-2017-6426, CVE-2017-8233, CVE-2017-8243, CVE-2017-8244, CVE-2017-8261, CVE-2017-8266, CVE-2017-8268, CVE-2017-8270, CVE-2017-9691, CVE-2017-9718, CVE-2017-10997, CVE-2017-1000380 |
| Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) | CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, CVE-2017-13324, CVE-2017-15868 |
| Qing Zhang of Qihoo 360 | CVE-2017-0496 |
| Qiwu Huang of Xiaomi Inc. | CVE-2016-10276 |
| Quhe of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) | CVE-2017-0522 |
| Roee Hay (@roeehay) of Aleph Research, HCL Technologies | CVE-2016-10277, CVE-2017-0563, CVE-2017-0582, CVE-2017-0648, CVE-2017-0829, CVE-2017-13174 |
| Roee Hay of IBM Security X-Force Research | CVE-2016-8467, CVE-2017-0510 |
| Sagi Kedmi of IBM Security X-Force Research | CVE-2017-0433, CVE-2017-0510 |
| Sahara of Secure Communications in DarkMatter | CVE-2017-0528 |
| salls (@chris_salls) of Shellphish Grill Team, UC Santa Barbara | CVE-2017-0505, CVE-2017-13168 |
| Scott Bauer (@ScottyBauer1) | CVE-2016-10274, CVE-2017-0339, CVE-2017-0405, CVE-2017-0504, CVE-2017-0516, CVE-2017-0521, CVE-2017-0562, CVE-2017-0576, CVE-2017-0705, CVE-2017-0740, CVE-2017-8259, CVE-2017-8260, CVE-2017-9680, CVE-2017-11053, CVE-2017-13160 |
| Sean Beaupre (@firewaterdevs) | CVE-2016-8461, CVE-2016-8462, CVE-2017-0455 |
| Seven Shen (@lingtongshen) of Trend Micro Mobile Threat Research Team | CVE-2016-8418, CVE-2016-8466, CVE-2016-10231, CVE-2017-0449, CVE-2017-0452, CVE-2017-0578, CVE-2017-0586, CVE-2017-0724, CVE-2017-0772, CVE-2017-0780, CVE-2017-6247, CVE-2017-6248, CVE-2017-6249, CVE-2017-7369 |
| Shinichi Matsumoto of Fujitsu | CVE-2017-0498 |
| Simon Chung of Georgia Tech | CVE-2017-0860 |
| Stéphane Marques of ByteRev | CVE-2017-0489 |
| Stephen Morrow | CVE-2017-0389 |
| Svetoslav Ganov of Google | CVE-2017-0492 |
| Tim Becker | CVE-2017-0546 |
| Timothy Becker of CSS Inc. | CVE-2017-0667, CVE-2017-0732, CVE-2017-0805 |
| Tong Lin of C0RE Team | CVE-2016-8425, CVE-2016-8426, CVE-2016-8449, CVE-2016-8479, CVE-2016-8481, CVE-2016-10291, CVE-2017-0333, CVE-2017-0428, CVE-2017-0435, CVE-2017-0436, CVE-2017-10661 |
| Uma Sankar Pradhan (@umasankar_iitd) | CVE-2017-0560 |
| Valerio Costamagna (@vaio_co) | CVE-2017-0712 |
| Vasily Vasiliev | CVE-2017-0589, CVE-2017-0637, CVE-2017-0638, CVE-2017-0642, CVE-2017-0675, CVE-2017-0676, CVE-2017-0682, CVE-2017-0683, CVE-2017-0696, CVE-2017-0699, CVE-2017-0701, CVE-2017-0702, CVE-2017-0716, CVE-2017-0757 |
| V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro | CVE-2017-0381, CVE-2017-0424, CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0587, CVE-2017-0590, CVE-2017-0600, CVE-2017-0640, CVE-2017-0674, CVE-2017-0677, CVE-2017-0679, CVE-2017-0680, CVE-2017-0685, CVE-2017-0686, CVE-2017-0689, CVE-2017-0693, CVE-2017-0695, CVE-2017-0713, CVE-2017-0715, CVE-2017-0750, CVE-2017-10662, CVE-2017-10663 |
| wanchouchou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) | CVE-2017-0522 |
| Weichao Sun (@sunblate) of Alibaba Inc. | CVE-2017-0391, CVE-2017-0407, CVE-2017-0549, CVE-2017-0759 |
| Wenjun Hu of Palo Alto Networks | CVE-2017-0752 |
| Wenke Lee of Georgia Tech | CVE-2017-0860 |
| Wenke Dou of C0RE Team | CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0450, CVE-2017-0483, CVE-2017-0768, CVE-2017-0779, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816 |
| Wenlin Yang (@wenlin_yang) of Alpha Team, Qihoo 360 Technology Co. Ltd. | CVE-2017-0577, CVE-2017-0580 |
| Wish Wu (@wish_wu) (吴潍浠 此彼) of Ant-financial Light-Year Security Lab | CVE-2017-0408, CVE-2017-0477, CVE-2017-11063, CVE-2017-11092 |
| Wolfu (付敬贵) of Tencent Security Platform Department | CVE-2017-0863, CVE-2017-11050, CVE-2017-11051, CVE-2017-11067, CVE-2017-11073, CVE-2017-11093 |
| Xiangqian Zhang of Alibaba Mobile Security Group | CVE-2017-0796, CVE-2017-0827 |
| Xiao Zhang of Palo Alto Networks | CVE-2017-0752 |
| Xiaodong Wang of C0RE Team | CVE-2017-0429, CVE-2017-0448 |
| Xiling Gong of Tencent Security Platform Department | CVE-2017-0597, CVE-2017-0708, CVE-2017-8236, CVE-2017-9690 |
| Xingyuan Lin of 360 Marvel Team | CVE-2017-0627, CVE-2017-13163 |
| Xuxian Jiang of C0RE Team | CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8479, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0526, CVE-2017-0527, CVE-2017-0651, CVE-2017-0665, CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0709, CVE-2017-0731, CVE-2017-0737, CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779, CVE-2017-0801, CVE-2017-7368, CVE-2017-8264, CVE-2017-10661 |
| XTN | CVE-2017-13165 |
| Yan Zhou of Eagleye team, SCC, Huawei | CVE-2017-9678 |
| Yanfeng Wang of C0RE Team | CVE-2016-8430, CVE-2016-8482 |
| Yang Cheng of Xiaomi Inc. | CVE-2016-10276 |
| Yang Dai of Vulpecker Team, Qihoo 360 Technology Co. Ltd | CVE-2017-0795, CVE-2017-0799, CVE-2017-0804, CVE-2017-0803, CVE-2017-6262, CVE-2017-6263, CVE-2017-6280 |
| Yang Song of Alibaba Mobile Security Group | CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0842, CVE-2017-0843, CVE-2017-0864, CVE-2017-11000, CVE-2017-11059, CVE-2017-9703, CVE-2017-9708, CVE-2017-13170 |
| Yanick Fratantonio (UC Santa Barbara, Shellphish Grill Team, EURECOM) | CVE-2017-0860 |
| Yangkang (@dnpushme) of Qex Team, Qihoo 360 | CVE-2017-0647, CVE-2017-0690, CVE-2017-0753 |
| Yao Jun of C0RE Team | CVE-2016-8431, CVE-2016-8432, CVE-2016-8435, CVE-2016-8480 |
| Yaoguang Chen of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) | CVE-2017-13171 |
| Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. | CVE-2017-0404, CVE-2017-0588, CVE-2017-0842, CVE-2017-13164, CVE-2017-9708, CVE-2017-13170 |
| Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. | CVE-2016-10289, CVE-2017-0465, CVE-2017-0564, CVE-2017-0746, CVE-2017-0749, CVE-2017-7370, CVE-2017-8267, CVE-2017-8269, CVE-2017-8271, CVE-2017-8272, CVE-2017-11048, CVE-2017-12146 |
| Yongke Wang of Tencent's Xuanwu Lab | CVE-2017-0729, CVE-2017-0767, CVE-2017-0839, CVE-2017-0848 |
| Dr. Yossi Oren of Ben Gurion University Cyber Lab | CVE-2017-0650 |
| Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd | CVE-2016-10282, CVE-2017-0517, CVE-2017-0532, CVE-2017-0615, CVE-2017-0618, CVE-2017-0625, CVE-2017-0795, CVE-2017-0799, CVE-2017-0804, CVE-2017-0803, CVE-2017-6262, CVE-2017-6263, CVE-2017-6280 |
| Yuan-Tsung Lo of C0RE Team | CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8435, CVE-2016-8449, CVE-2016-8479, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448, CVE-2017-0526, CVE-2017-0527, CVE-2017-6264, CVE-2017-6274, CVE-2017-6275, CVE-2017-0651, CVE-2017-0709, CVE-2017-0824, CVE-2017-7368, CVE-2017-8264, CVE-2017-10661, CVE-2017-14903 |
| Yuebin Sun of Tencent's Xuanwu Lab | CVE-2017-0767, CVE-2017-0839, CVE-2017-0848 |
| Yuqi Lu (@nikos233) of C0RE Team | CVE-2017-0383, CVE-2017-0401, CVE-2017-0417, CVE-2017-0425, CVE-2017-0483 |
| Yuxiang Li (@Xbalien29) of Tencent Security Platform Department | CVE-2017-0395, CVE-2017-0669, CVE-2017-0704 |
| Zach Riggle (@ebeip90) of the Android Security Team | CVE-2017-0710 |
| Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile | CVE-2016-8451 |
| Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. | CVE-2017-0758, CVE-2017-0760 |
| Zhen Zhou (@henices) of NSFocus | CVE-2017-0406 |
| Zhi Xu of Palo Alto Networks | CVE-2017-0752 |
| Zhixin Li of NSFocus | CVE-2017-0406 |
| Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. | CVE-2017-0475, CVE-2017-0497, CVE-2017-0548, CVE-2017-0678, CVE-2017-0691, CVE-2017-0700, CVE-2017-0714, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0722, CVE-2017-0725, CVE-2017-0745, CVE-2017-0760, CVE-2017-0761, CVE-2017-0764, CVE-2017-0776, CVE-2017-0777, CVE-2017-0778, CVE-2017-0813, CVE-2017-0814, CVE-2017-0820, CVE-2017-0823, CVE-2017-0850, CVE-2017-0858, CVE-2017-0879 |
| Zubin Mithra of Google | CVE-2017-0462, CVE-2017-8241 |
Additional contributions
We would also like to acknowledge the contributions of the following individuals to Android security:
- William Roberts (william.c.roberts@intel.com)
2016
Abhishek Arya of Google Chrome Security Team
Adam Donenfeld et al. of Check Point Software Technologies Ltd.
Adam Powell of Google
Alex Chapman of Context Information Security
Altaf Shaik of Security in Telecommunications
Andre Teixeira Rizzo
Andrea Biondo
Andrei Kapishnikov of Google
Andy Tyler (@ticarpi) of e2e-assure
Anestis Bechtsoudis (@anestisb) of CENSUS S.A.
Ao Wang (@ArayzSegment) of PKAV, Silence Information Technology
Askyshang of Security Platform Department, Tencent
Baozeng Ding of Alibaba Mobile Security Group
Ben Hawkes of Google Project Zero
Billy Lau of Android Security
Brad Ebinger of Google Telecom Team
Broadgate Team
Chad Brubaker of Android Security
Chao Yang of Alibaba Mobile Security Group
Chenfu Bao (包沉浮) of Baidu X-Lab
Chengming Yang of Alibaba Mobile Security Group
Chiachih Wu (@chiachih_wu) of C0RE Team from Qihoo 360
Christian Seel
Christopher Tate of Google
Constantinos Patsakis of University of Piraeus
Cory Pruce of Carnegie Mellon University
Cristiano Giuffrida of Vrije Universiteit Amsterdam
Daniel Micay of Copperhead Security
David Benjamin of Google
David Riley of the Google Pixel C Team
Dawei Peng (Vinc3nt4H) of Alibaba Mobile Security Team
Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent
Dianne Hackborn of Google
Dmitry Vyukov of Google Dynamic Tools team
Dominik Schürmann of Institute for Operating Systems and Computer Networks, TU Braunschweig
Dongdong She of UC Riverside
Dongkwan Kim (dkay@kaist.ac.kr) of System Security Lab, KAIST
dosomder
dragonltx of Alibaba mobile security team
DS
Dzmitry Lukyanenka (www.linkedin.com/in/dzima)
Ecular Xu (徐健) of Trend Micro
Efthimios Alepis of University of Piraeus
En He (@heeeeen4x) of MS509Team
Gal Beniamini (@laginimaineb, http://bits-please.blogspot.com)
Gengjia Chen (@chengjia4574) of Lab 0x031E, Qihoo 360 Technology Co. Ltd
Gengming Liu (刘耕铭) (@dmxcsnsbh) of KeenLab, Tencent
George Piskas of École polytechnique fédérale de Lausanne
Giovanni Vigna of University of California, Santa Barbara
Greg Kaiser of Google Android Team
Guang Gong (龚广) (@oldfresher) of Qihoo 360 Technology Co. Ltd.
Hang Zhang of UC Riverside
Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd.
Hao Qin of Security Research Lab, Cheetah Mobile
Herbert Bos of Vrije Universiteit Amsterdam
Hongil Kim (hongilk@kaist.ac.kr) of System Security Lab, KAIST
Imre Rad of Search-Lab Ltd.
Jake Valletta of Mandiant, a FireEye company
James Forshaw of Google Project Zero
Jann Horn (https://thejh.net)
Jeremy C. Joslin of Google
jfang of KEEN lab, Tencent (@K33nTeam)
Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360
Joshua Drake (@jduck)
Jouni Malinen PGP id EFC895FA
Kai Lu (@K3vinLuSec) of Fortinet's FortiGuard Labs
Kandala Shivaram reddy
Kaveh Razavi of Vrije Universiteit Amsterdam
Kenny Root of Google
Lee Campbell of Google
Maciej Szawłowski of the Google Security Team
Madhu Priya Murugan of CISPA, Saarland University
Makoto Onuki of Google
Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent
Marco Nelissen of Google
Mark Brand of Google Project Zero
Mark Renouf of Google
Martin Barbella of Google Chrome Security Team
Martina Lindorfer of University of California, Santa Barbara
Max Spector of Google
MengLuo Gou (@idhyt3r) of Bottle Tech
Michał Bednarski ( github.com/michalbednarski)
Mike Maarse
Min Chong of Android Security
Mingjian Zhou (@Mingjian_Zhou) of C0RE Team, Qihoo 360
Miriam Gershenson of Google
Nancy Wang of Vertu Corporation LTD
Nathan Crandall (@natecray) of Tesla Motors Product Security Team
Nico Golde (@iamnion) of Qualcomm Product Security Initiative
Nightwatch Cybersecurity Research (@nightwatchcyber)
Ning You of Alibaba Mobile Security Group
Oleksiy Vyalov of Google
Oliver Chang of Google Chrome Security Team
Paul Stone of Context Information Security
Peng Xiao of Alibaba Mobile Security Group
Pengfei Ding (丁鹏飞) of Baidu X-Lab
Peter Pi (@heisecode) of Trend Micro
pjf of IceSword Lab, Qihoo 360
Quan Nguyen of Google Information Security Engineer Team
Qianwei Hu (rayxcp@gmail.com) of WooYun TangLab
Qidan He (@Flanker_hqd) of KeenLab (@keen_lab), Tencent
Richard Shupak
Ricky Wai of Google
Robin Lee of Google
Roee Hay, IBM Security X-Force Researcher
Roeland Krak
Romain Trouvé of MWR Labs
Ronald L. Loor Vargas (@loor_rlv) of TEAM Lv51
Sagi Kedmi, IBM Security X-Force Researcher
Samuel Tan of Google
Santos Cordon of Google Telecom Team
Sen Nie (@nforest_) of KEEN lab, Tencent (@K33nTeam)
Sergey Bobrov (@Black2Fan) of Kaspersky Lab
Seven Shen (@lingtongshen) of Trend Micro (www.trendmicro.com)
Sharvil Nanavati of Google
Shinjo Park (@ad_ili_rai) of Security in Telecommunications
Stuart Henderson
Su Mon Kywe of Singapore Management University
Tao (Lenx) Wei (韦韬) of Baidu X-Lab
Thom Does
Tieyan Li of Huawei
Tim Strazzere (@timstrazz) of SentinelOne / RedNaga
Tom Craig of Google X
Tom Rootjunky
Tongxin Li of Peking University
trotmaster (@trotmaster99)
Vasily Vasilev
Victor Chang of Google
Victor van der Veen of Vrije Universiteit Amsterdam
Vignesh Venkatasubramanian of Google
Vishwath Mohan of Android Security
Wei Wei (@Danny__Wei) of Xuanwu LAB, Tencent
Weichao Sun (@sunblate) of Alibaba Inc
Wen Niu (@NWMonster) of KeenLab (@keen_lab), Tencent
Wenlin Yang of Alpha Team, Qihoo 360 Technology Co. Ltd.
William Roberts ( william.c.roberts@intel.com)
Wish Wu (@wish_wu) (吴潍浠) of Mobile Threat Response Team, Trend Micro Inc.
Xiaofeng Wang of Indiana University Bloomington
Xiling Gong of Tencent Security Platform Department
Xingyu He (何星宇) (@Spid3r_) of Alibaba Inc
Xinhui Han of Peking University
Xuxian Jiang of C0RE Team, Qihoo 360
Yabin Cui from Android Bionic Team
Yacong Gu of TCA Lab, Institute of Software, Chinese Academy of Sciences
Yakov Shafranovich of Nightwatch Cybersecurity
Yang Dong of Alibaba Mobile Security Group
Yang Song of Alibaba Mobile Security Group
Yanick Fratantonio of University of California, Santa Barbara
Yeonjoon Lee of Indiana University Bloomington
Yi Zhang of Alibaba Mobile Security Group
Yingjiu Li of Singapore Management University
Yong Shi of Eagleye team, SCC, Huawei
Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc.
Yongke Wang (@Rudykewang) of Xuanwu LAB, Tencent
Yongzheng Wu of Huawei
Yuan-Tsung Lo (computernik@gmail.com) of C0RE Team
Yulong Zhang of Baidu X-Lab
Yuru Shao of University of Michigan Ann Arbor
Yuxiang Li (@Xbalien29) of Tencent Security Platform Department
Zach Riggle (@ebeip90) of the Android Security Team
Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile
Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.
Zhiyun Qian of UC Riverside
Zinuo Han of PKAV, Silence Information Technology
Zubin Mithra of Google
2015
Abhishek Arya, Google Chrome Security Team
Alex Copot
Alex Eubanks
Alexandru Blanda
Arne Swinnen (www.arneswinnen.net)
Artem Chaykin
Ben Hawkes
Brennan Lautner
Chiachih Wu of C0RE Team from Qihoo 360
Darmstadt (siegfried.rasthofer@gmail.com)
Daniel Micay (daniel.micay@copperhead.co) at Copperhead Security
Dongkwan Kim of System Security Lab, KAIST (dkay@kaist.ac.kr)
dragonltx of Alibaba Mobile Security Team
Gal Beniamini ( http://bits-please.blogspot.com)
Guang Gong (龚广) (@oldfresher, higongguang@gmail.com) of Qihoo 360 Technology Co.Ltd
Hongil Kim of System Security Lab, KAIST (hongilk@kaist.ac.kr)
Ian Beer of Google Project Zero
Iván Arce (@4Dgifts) of Programa STIC at Fundación Dr. Manuel Sadosky, Buenos Aires Argentina
Jack Tang of Trend Micro (@jacktang310)
jgor of The University of Texas at Austin (@indiecom)
Joaquín Rinaudo (@xeroxnir) of Programa STIC at Fundación Dr. Manuel Sadosky, Buenos Aires Argentina
Jordan Gruskovnjak of Exodus Intelligence (@jgrusko)
Joshua Drake of Zimperium
Lei Wu of C0RE Team from Qihoo 360
Marco Grassi (@marcograss) of KeenTeam (@K33nTeam)
Mark Carter (@hanpingchinese) of EmberMitre Ltd
Martin Barbella, Google Chrome Security Team
Michael Peck of The MITRE Corporation (mpeck@mitre.org)
Michał Bednarski ( https://github.com/michalbednarski)
Michael Roland of JR-Center u'smile at University of Applied Scienses, Upper Austria/Hagenberg
Natalie Silvanovich of Google Project Zero
Oliver Chang, Google Chrome Security Team
Peter Pi of Trend Micro
Ping Li of Qihoo 360 Technology Co. Ltd
Qidan He (@flanker_hqd) from KeenTeam (@K33nTeam, http://k33nteam.org/)
Roee Hay and Or Peles
Seven Shen of Trend Micro
Siegfried Rasthofer of Secure Software Engineering Group, EC SPRIDE Technische Universität
Stephan Huber of Testlab Mobile Security, F raunhofer SIT (Stephan.Huber@sit.fraunhofer.de)
Steven Vittitoe of Google Project Zero
Tony Beltramelli (@Tbeltramelli) of tonybeltramelli.com
Tzu-Yin (Nina) Tai
Wangtao(neobyte) of Baidu X-Team
Wen Xu (@antlr7) from KeenTeam (@K33nTeam, http://k33nteam.org/)
William Roberts ( william.c.roberts@intel.com)
Wish Wu of Trend Micro Inc. (@wish_wu)
Xuxian Jiang of C0RE Team from Qihoo 360
Yajin Zhou of C0RE Team from Qihoo 360
2014
Aaron Mangel of Banno (amangel@gmail.com)
Alex Park (@saintlinu)
Alexandru Gheorghita
Ange Albertini (@angealbertini)
Axelle Apvrille of Fortinet, FortiGuards Labs
Dan Amodio of Aspect Security (@DanAmodio)
Henry Hoggard of MWR Labs (@HenryHoggard)
Imre Rad of Search-Lab Ltd.
Jeff Forristal of Bluebox Security
Joseph Redfern of MWR Labs
(@JosephRedfern)
Kunal Patel of Samsung KNOX Security Team (kunal.patel1@samsung.com)
Luander Michel Ribeiro (@luanderock)
Luyi Xing of Indiana University Bloomington (xingluyi@gmail.com)
Marc Blanchou (@marcblanchou)
Mathew Solnik (@msolnik)
Raimondas Sasnauskas of University of Utah
Robert Craig of
Trusted Systems Research Group, US National Security Agency
Scotty Bauer of University of Utah (sbauer@eng.utah.edu)
Sebastian Brenza
Siegfried Rasthofer of Secure Software Engineering Group, EC SPRIDE Technische Universität Darmstadt (siegfried.rasthofer@gmail.com)
Stephan Huber of Testlab Mobile Security, Fraunhofer SIT (Stephan.Huber@sit.fraunhofer.de)
Stephen Smalley of
Trusted Systems Research Group, US National Security Agency
Steven Arzt of Secure Software Engineering Group, EC SPRIDE Technische Universität Darmstadt (Steven.Arzt@ec-spride.de)
Tongxin Li of Peking University (litongxin1991@gmail.com)
Tony Trummer of The Men in the Middle
(@SecBro1)
Valera Neronov
Wang Tao of Baidu X-Team (wintao@gmail.com)
Wang Yu of Baidu X-Team (@xi4oyu)
William Roberts (bill.c.roberts@gmail.com)
Xiaofeng Wang of Indiana University Bloomington (xw7@indiana.edu)
Xiaoyong Zhou of
Indiana University Bloomington
(@xzhou,
zhou.xiaoyong@gmail.com)
Xinhui Han of Peking University (hanxinhui@pku.edu.cn)
Yeonjoon Lee of Indiana University Bloomington (luc2yj@gmail.com)
Zhang Dong Hui of Baidu X-Team (shineastdh)
2013
Ivaylo Marinkov of eCommera (ivo@tsarstva.bg)
Jon Sawyer of Applied Cybersecurity LLC (jon@cunninglogic.com)
Joshua J. Drake of Accuvant LABS
(@jduck)
Kan Yuan
Lucas Yang (amadoh4ck) of RaonSecurity (amadoh4ck@gmail.com)
Luyi Xing of Indiana University Bloomington (xingluyi@gmail.com)
Mike Ryan of
iSEC Partners
(@mpeg4codec,
mikeryan@isecpartners.com
)
Muhammad Naveed
of University of Illinois
at Urbana-Champaign
(naveed2@illinois.edu)
Qualcomm Product Security Initiative
Roee Hay (@roeehay, roeehay@gmail.com)
Robert Craig of
Trusted Systems Research Group, US National Security Agency
Ruben Santamarta of IOActive (@reversemode)
Stephen Smalley of
Trusted Systems Research Group, US National Security Agency
William Roberts (bill.c.roberts@gmail.com)
Xiaorui Pan of Indiana University Bloomington (eagle200467@gmail.com)
XiaoFeng Wang of Indiana University Bloomington (xw7@indiana.edu)
2012
David Weinstein (@insitusec) of viaForensics
Ravishankar Borgaonkari (@raviborgaonkar) of TU Berlin
Robert Craig of
Trusted Systems Research Group, US National Security Agency
Roee Hay (@roeehay, roeehay@gmail.com)
Stephen Smalley of
Trusted Systems Research Group, US National Security Agency
2011
Collin Mulliner of MUlliNER.ORG (@collinrm)
2009
Charlie Miller (@0xcharlie)
Collin Mulliner of MUlliNER.ORG (@collinrm)
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2023-12-04 UTC.
[{
"type": "thumb-down",
"id": "missingTheInformationINeed",
"label":"Missing the information I need"
},{
"type": "thumb-down",
"id": "tooComplicatedTooManySteps",
"label":"Too complicated / too many steps"
},{
"type": "thumb-down",
"id": "outOfDate",
"label":"Out of date"
},{
"type": "thumb-down",
"id": "samplesCodeIssue",
"label":"Samples / code issue"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]