Android security acknowledgements

The Android Security Team would like to thank the following people and parties for helping to improve Android security. They have done this either by finding and responsibly reporting security vulnerabilities through the AOSP bug tracker Security bug report template or by committing code that has a positive impact on Android security, including code that qualifies for the Patch Rewards program.

2024

November

Researchers CVEs
5ec1cff (https://github.com/5ec1cff) and vvb2060 (https://github.com/vvb2060) of LSPosed Developers CVE-2024-43093
Alena Skliarova () CVE-2024-43083
Canyie (https://github.com/canyie) (石松洲), of Guangdong Baiyun University (广东白云学院) CVE-2024-43080, CVE-2024-43081, CVE-2024-43088, CVE-2024-43090
Aman Pandey of bugsmirrorhttps://bugsmirror.com/ CVE-2024-40661
Anonymous CVE-2024-46740
Florian Draschbacher, Secure Information Technology Center Austria (A-SIT) and Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology CVE-2024-43085
Hangyu Hua CVE-2024-36978
Jeong Wook (Matt) Oh of Google CVE-2024-43091
lovepink CVE-2024-47038
Matías Hernández of Google. CVE-2024-43084
P.Howe CVE-2024-47039, CVE-2024-47040
Patrick Williams of Google CVE-2024-40660
Sergey Toshin (@bagipro) from Oversecured Inc. (https://oversecured.com/) (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) CVE-2024-34719
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2024-43094
Yuqing Zhou of vivo kM1rr0rs secLab CVE-2024-43089
Zi Fan Tan of Google CVE-2024-29779
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2024-20104
开元米粉实力代购 CVE-2024-43086

October

Researchers CVEs
Alena Skliarova (https://www.linkedin.com/in/askliarova) CVE-2024-40674
Abhishek S (Bugwatch) (https://x.com/abhiabhi2306) CVE-2024-40672, CVE-2024-40677
Bart Van Assche of Google CVE-2024-47033
Bedran Karakoc (https://x.com/BedranKK) CVE-2024-20094
Daniel Micay at the GrapheneOS Foundation CVE-2024-44099
Dyon Goos & Marius Muench CVE-2024-44101, CVE-2024-47012
Jeong Wook (Matt) Oh of Google CVE-2024-47024, CVE-2024-47025, CVE-2024-47027, CVE-2024-47029, CVE-2024-47035
Martijn Bogaard of Google CVE-2024-47016
Maxime Rossi Bellom, Quarkslab vendor in collaboration with Google CVE-2024-47026
Mohamed GHANNAM (@_simo36) CVE-2024-44098
MXY CVE-2024-40675
nosocksinbirks CVE-2024-47034
Shengxin Xia CVE-2024-40676
Tom Hebb from Meta Red Team X Canyie (石松洲) of Guangdong Baiyun University (广东白云学院) CVE-2024-0044
wrlu CVE-2024-40673
XiLong Zhang (@Resery4) of Xiaomi CVE-2024-20090, CVE-2024-20091, CVE-2024-20092, CVE-2024-20093
Xin Zhao of Google CVE-2024-47013, CVE-2024-47017, CVE-2024-47022
Xuan Xing (Android Security Assurance Red Team) CVE-2024-47014, CVE-2024-47020, CVE-2024-47031
Zi Fan Tan of Google CVE-2024-47028

September

Researchers CVEs
Abhishek S (Bugwatch) -https://x.com/abhiabhi2306 CVE-2024-40652
Ahmed Ezzat (BitTheByte) CVE-2024-40662
Alexander Kozlov,Kaspersky ICS CERT CVE-2024-39431, CVE-2024-39432
Aman Pandey of bugsmirrorhttps://bugsmirror.com/ CVE-2024-40655, CVE-2024-40659
Billy Jheng Bing-Jhong of Starlabs CVE-2024-36972
Daniel Mentz of Google CVE-2024-44096
Daniel Micay at the GrapheneOS Foundation CVE-2024-23694, CVE-2024-32896
Edward Cunningham of Google CVE-2024-43069
Jeong Wook (Matt) Oh of Google CVE-2024-44093, CVE-2024-44094, CVE-2024-44095
Jon Bottarini of Google CVE-2024-40650
Lucian CVE-2024-43074
Manthan CVE-2024-43079
Matthew Daley CVE-2024-40656
Michał Bednarski (michalbednarski) CVE-2024-43071
Mike McTernan of Google CVE-2024-44092
Sergei Volokitin of Hexplot CVE-2024-22013
SHIHAB P M CVE-2024-43072
Sithi CVE-2024-43070
Wayne Yang of Google CVE-2024-29779
Will Coster of Google CVE-2023-40119
Xianfeng Lu and Lei Ai of OPPO Amber Security Lab CVE-2024-43068
Xiling Gong (conghuiwang) CVE-2024-33039
Xingyu Jin CVE-2023-35659, CVE-2023-35686, CVE-2024-23715, CVE-2024-23716
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2024-40663
Zhicheng Zeng (曾志成) of OPPO Amber Security Lab CVE-2024-40678
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2024-40658
开元米粉实力代购 CVE-2024-40657, CVE-2024-43075

August

Researchers CVEs
Alice Ryhl of Google CVE-2024-34731
Andr. Ess CVE-2024-34734
Dzmitry Lukyanenka CVE-2024-34744, CVE-2024-34746
Edward Cunningham of Google CVE-2024-34736, CVE-2024-34738, CVE-2024-34745
Fish of Pangu Team CVE-2024-33027
lovepink CVE-2023-28577
Mateusz Dziura (in/mateusz-dziura-780434240) CVE-2024-34741
Michał Bednarski (michalbednarski) CVE-2024-34740
Patrick Williams of Google CVE-2024-34743
Pavel Grafov of Google CVE-2024-34742
Rui Li and Wenrui Diao, Shandong University CVE-2023-20971
SHIHAB P M CVE-2024-34739
sp1kee CVE-2024-34735
WeiMin Cheng and Qi-AnXin of Tiangong Lab CVE-2024-34737

July

Researchers CVEs
Dzmitry Lukyanenka CVE-2024-31338
Edward Cunningham of Google CVE-2024-31331, CVE-2024-34720
Imtiaz Karim and Elisa Bertino, Purdue University; Abdullah Al Ishtiaq and Syed Rafiul Hussain, Pennsylvania State University CVE-2024-34722
Shengxin Xia CVE-2024-31320, CVE-2024-34723
Tuan Dinh Hoang, CheolJun Park, Mincheol Son, Taekkyung Oh, and Yongdae Kim @ SysSec, KAIST CVE-2024-20076, CVE-2024-20077
Vova Sharaienko of Google CVE-2024-31339
Xiling Gong of Google CVE-2024-0153
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2024-31332

June

Researchers CVEs
Canyie (石松洲) (https://github.com/canyie) of Guangdong Baiyun University (广东白云学院) CVE-2024-31318
Aapo Oksman of Juurin Oy CVE-2024-32928
Aman Pandey of bugsmirror CVE-2024-31310, CVE-2024-31315
Anonymous CVE-2024-26926
Austin Borger of Google CVE-2023-21113, CVE-2023-21114
Bedran Karakoc (https://x.com/BedranKK) CVE-2024-32923
Carlos DeLeon of Google CVE-2024-32901
Daniel Micay at the GrapheneOS Foundation CVE-2024-32896
Dy9bala(向波)(https://twitter.com/xiangbo76042504) of OPPO Amber Security Lab CVE-2024-31325
Dzmitry Lukyanenka CVE-2024-20065
Edward Cunningham of Google CVE-2024-31322
Ehsan Nourbakhsh of Google CVE-2024-31329
Gabriel K. Gegenhuber (University of Vienna), Florian Holzbauer (University of Vienna), Philipp Frenzel (SBA Research), Edgar Weippl (University of Vienna), Adrian Dabrowski (CISPA Helmholtz Center for Information Security) CVE-2024-20069
Jeong Wook (Matt) Oh of Google CVE-2024-32891, CVE-2024-32892, CVE-2024-32899, CVE-2024-32906, CVE-2024-32908, CVE-2024-32909, CVE-2024-32922
Kai Tu, Abdullah Al Ishtiaq, Syed MD Mukit Rashid, Yilu Dong, Weixuan Wang, Tianwei Wu, Syed Rafiul Hussain --- SyNSec Lab at Penn State CVE-2023-50803
Keith Mok of Google CVE-2024-31312
Kholoud Mohamed of Google CVE-2024-31326
lovepink CVE-2024-29786, CVE-2024-32895, CVE-2024-32905, CVE-2024-32913, CVE-2024-32925
Lucian of OPPO Amber Security Lab CVE-2023-21266
Marius Muench (University of Birmingham, UK) CVE-2024-32894
Mohamed GHANNAM (@_simo36) CVE-2024-29784, CVE-2024-29787, CVE-2024-32900, CVE-2024-32903, CVE-2024-32919, CVE-2024-32921
Sergei Volokitin of Hexplot CVE-2024-22013
Shengxin Xia CVE-2024-31316
Syed MD Mukit Rashid, Tianwei Wu, Abdullah Al Ishtiaq, Kai Tu, Yilu Dong, Ridwanul Hasan Tanvir, Syed Rafiul Hussain --- SyNSec Lab at Penn State; Omar Haider Chowdhury --- Stony Brook University CVE-2024-32911
Tom Hebb from Meta Red Team X CVE-2024-31317
Xin Guan of Google CVE-2024-31314
Xin Zhao of Google CVE-2024-29780, CVE-2024-32910
Xingyu Jin CVE-2024-23695, CVE-2024-23696, CVE-2024-23697, CVE-2024-23698, CVE-2024-23711
Zi Fan Tan of Google CVE-2024-29779, CVE-2024-32918

May

Researchers CVEs
Anonymous CVE-2024-0024, CVE-2024-23700, CVE-2024-23701, CVE-2024-23703, CVE-2024-23705
Billy Jheng Bing Jhong (@st424204) of STAR Labs SG Pte. Ltd CVE-2023-4622
Daniel Micay at the GrapheneOS Foundation CVE-2024-23694
Dzmitry Lukyanenka CVE-2023-40132
Levit Nudi from Kenya CVE-2024-23708
Michał Bednarski (michalbednarski) CVE-2024-23707
Pratyush More of Google CVE-2024-23706
Sithi CVE-2023-40108
Varad Gautam of Google CVE-2023-6363
XiLong Zhang (@Resery4) of Xiaomi CVE-2023-32873
Yong Wang(@ThomasKing2014) CVE-2024-32929
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2024-23709
开元米粉实力代购 CVE-2024-0025

April

Researchers CVEs
Alena Skliarova (in/askliarova) (askliarova.com) CVE-2024-0026, CVE-2024-0027, CVE-2024-23712, CVE-2024-23713
Andr. Ess CVE-2023-21267
CheolJun Park of KAIST SysSec Lab, Marc Egli (@Spittfires_) of EPFL, and KAIST of SysSec Lab CVE-2023-32890, CVE-2024-20039
Daniel Micay of the GrapheneOS Foundation CVE-2024-29745, CVE-2024-29748
Edward Cunningham of Google CVE-2024-29757
Martijn Bogaard of Google CVE-2024-27231, CVE-2024-29738, CVE-2024-29739, CVE-2024-29740, CVE-2024-29742, CVE-2024-29743, CVE-2024-29744, CVE-2024-29746, CVE-2024-29747, CVE-2024-29749, CVE-2024-29752, CVE-2024-29753, CVE-2024-29754, CVE-2024-29755, CVE-2024-29782, CVE-2024-29783
Mostafa Saleh of Google CVE-2024-29741
Sophie Hou CVE-2024-23710
Vincent Tew and Eric Su of Google CVE-2024-29756
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2024-23704

March

Researchers CVEs
Ali Ranjbar (https://aranjbar.me/), SyNSec Lab CVE-2024-0045
ayano23th CVE-2024-25985
Bong Gyoune Kim of Google CVE-2024-27237
Dominik Maier from Google CVE-2024-27227
Dyon Goos & Marius Muench (University of Birmingham, UK) CVE-2023-50805, CVE-2023-50807
Florian Mayer of Google CVE-2024-25984
Guoqi Cui of Google CVE-2024-22005
Harrison Wu (Kun-Da Wu) of Google CVE-2023-20928
ISMAEL AMZDAKwww.facebook.com/ismail.amzdak CVE-2024-0046
Jeong Wook (Matt) of Google CVE-2024-25986, CVE-2024-27233
Kai Tu, Abdullah Al Ishtiaq, Syed MD Mukit Rashid, Yilu Dong, Weixuan Wang, Tianwei Wu, Syed Rafiul Hussain --- SyNSec Lab at Penn State CVE-2023-50804
Lennert Wouters, rqu, Thomas Roth aka stacksmashing CVE-2023-6339, CVE-2023-48424
Lucian of OPPO Amber Security Lab CVE-2024-27207
Marc Newlin of SkySafe CVE-2024-23717
Martijn Bogaard of Google CVE-2024-22006, CVE-2024-22007, CVE-2024-22008, CVE-2024-22009, CVE-2024-22010, CVE-2024-25991, CVE-2024-25992, CVE-2024-25993, CVE-2024-27204, CVE-2024-27208, CVE-2024-27210, CVE-2024-27212, CVE-2024-27218, CVE-2024-27219, CVE-2024-27220, CVE-2024-27221, CVE-2024-27226, CVE-2024-27234, CVE-2024-27235
Matt Schulte of Google CVE-2024-27224
Natalie Silvanovich of Google Project Zero CVE-2024-27228
Nolen Johnson, DirectDefense and Jan Altensen, Ray Volpe CVE-2023-48425
Red-Shield Security Lab(天翼云红盾实验室) CVE-2024-25987, CVE-2024-25990
Rubin Xu of Google CVE-2024-0047
Ryan Hall from Meta's Red Team X CVE-2024-20020
Sergei Volokitin of Hexplot CVE-2024-22004
Shufan Yang(杨书范) of Baidu AIoT Security Team CVE-2024-27236
Tomasz Lisowski & Marius Muench (University of Birmingham, UK) CVE-2023-50806, CVE-2024-27209
Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2024-0048
Xuan Xing (Android Security Assurance Red Team) CVE-2024-25989
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-21234
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2024-0039, CVE-2024-0049, CVE-2024-0050, CVE-2024-0051, CVE-2024-27225

February

Researchers CVEs
7h0r CVE-2024-0032
Anonymous CVE-2023-40122, CVE-2024-0035
Carlos LIamas of Google CVE-2023-5091
Christopher Wade CVE-2024-22012
Daniel Bakker CVE-2024-0014
Evan Ryan Gunter CVE-2023-40093
Felix Oghina of Google CVE-2024-0041
Keith Mok of Google CVE-2024-0033
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2024-0030
Matheus Eduardo Garbelini of ASSET Research Group (https://asset-group.github.io/) from Singapore University of Technology and Design (SUTD) CVE-2023-32841, CVE-2023-32842, CVE-2023-32843
Mihai-Nicolae Popa CVE-2024-0038
Rubin Xu of Google CVE-2024-0029
Shang Zewen, together with additional information: Asset Research Group, Singapore University of Technology and Design CVE-2024-20003
Shufan Yang(杨书范) of Baidu AIoT Security Team CVE-2023-49667, CVE-2023-49668
Zi Fan Tan of Google CVE-2023-5249
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-33077, CVE-2024-0031
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2024-20007, CVE-2024-20009, CVE-2024-20011
开元米粉实力代购 CVE-2024-0037

January

Researchers CVEs
Daniel Komaromy (@kutyacica) of Taszk Security Labs CVE-2023-32874
Jeong Wook (Matt) of Google CVE-2024-0016
Necip Fazil Yildiran of Google CVE-2023-33094, CVE-2023-33108
Sergey Toshin (@bagipro) from Oversecured Inc. (https://oversecured.com/) (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) CVE-2024-0017
Stefan Toman of Google CVE-2023-21245
TerrorBlade and Xianfeng Lu of OPPO Amber Security Lab CVE-2024-0019
XiLong Zhang (@Resery4) of Xiaomi CVE-2023-32872
Xingyu Jin CVE-2023-21165
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-40085, CVE-2024-0023
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-48340, CVE-2023-48341, CVE-2023-48342, CVE-2023-48343, CVE-2023-48344, CVE-2023-48348, CVE-2023-48349, CVE-2023-48350, CVE-2023-48351, CVE-2023-48352

Additional contributions

We would also like to acknowledge the contributions of the following individuals to Android security:

  • flawedworld

2023

Note: Starting in 2018 and continuing in 2023, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.

December

Researchers CVEs
Marc Newlin (https://twitter.com/marcnewlin) of SkySafe and Xiao Yu of Xiaomi CVE-2023-45866
Alex Li of Google CVE-2023-48407
Aman Pandey of bugsmirror CVE-2023-40079
Atneya Nair of Google CVE-2023-40096
Benoît Sevens of Google's Threat Analysis Group and Jann Horn of Google Project Zero CVE-2023-33107
CheolJun Park of KAIST SysSec Lab, Marc Egli (@Spittfires_) of EPFL & KAIST SysSec Lab CVE-2023-37366
Diego Zavala of Google CVE-2023-40076
jiayy CVE-2022-48456, CVE-2022-48461
Guile Chao using MTE CVE-2023-48420
Jann Horn of Google Project Zero CVE-2023-4272
Jeong Wook (Matt) Oh of Google CVE-2023-40078, CVE-2023-40087, CVE-2023-40090, CVE-2023-48402
Joel Voss of Google CVE-2023-48406
Lewei Qu(曲乐炜) CVE-2022-48454, CVE-2022-48455, CVE-2022-48457, CVE-2022-48458, CVE-2022-48459
lovepink CVE-2023-22383, CVE-2023-48412
Kiwan Ko, Eunsoo Kim, and Sangsup Lee CVE-2023-33063
Marcel Busch (@0ddc0de) and Philipp Mao of EPFL CVE-2023-32848
Matthew Daley CVE-2023-40094
Michał Bednarski (michalbednarski) CVE-2023-45777
Mitch Phillips using GWP-ASan CVE-2023-40103
Pierre-Clément Tosi of Google CVE-2023-40082
Sithi CVE-2023-40075
Suhyung Park of Google CVE-2023-40089
Syzbot CVE-2023-48414
Tom Hebb from Meta Red Team X CVE-2023-45779
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2023-45781
Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab CVE-2023-40083
Xiling Gong of Google CVE-2023-48409
Xin Zhao of Google CVE-2023-48421
Xingyu Jin CVE-2023-21162, CVE-2023-21163, CVE-2023-21164, CVE-2023-21166, CVE-2023-21215, CVE-2023-21216, CVE-2023-21217, CVE-2023-21218, CVE-2023-21227, CVE-2023-21228, CVE-2023-21263, CVE-2023-21401, CVE-2023-21402, CVE-2023-21403, CVE-2023-35690
Yuxiu Zhang (张玉秀) from MultiMedia Engineering Dept. of MediaTek (Beijing) Inc. CVE-2023-40077
Zhongquan Li @ ADLab of VenusTech and XiLong Zhang (@Resery4) of Xiaomi CVE-2023-32818
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21634, CVE-2023-40080, CVE-2023-45773
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-32847, CVE-2023-32850, CVE-2023-32851
开元米粉实力代购 CVE-2023-35668, CVE-2023-40092, CVE-2023-40095

November

Researchers CVEs
Marcel Busch (@0ddc0de) and Philipp Mao of EPFL CVE-2023-32834, CVE-2023-32835
Matthew Daley CVE-2023-40105
Miguel Aranda CVE-2023-40104
Pawan Wagh CVE-2023-40115
Seth Jenkins @ Google Project Zero CVE-2023-32832
Sithi CVE-2023-21103, CVE-2023-21111
Stephan Zeisberg (@stze) ofSecurity Research Labs CVE-2023-40112
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-28570
开元米粉实力代购 CVE-2023-40109

October

Researchers CVEs
@agnostic-apollo CVE-2023-21309, CVE-2023-40101
Alena Skliarova (/In/askliarova) CVE-2023-21252, CVE-2023-21348, CVE-2023-21350
Alexander Yukhanov of Google CVE-2021-39810
Aman Pandey of bugsmirror CVE-2022-20264, CVE-2022-20531, CVE-2023-21293, CVE-2023-21294, CVE-2023-21295, CVE-2023-21296, CVE-2023-21298, CVE-2023-21299, CVE-2023-21300, CVE-2023-21301, CVE-2023-21303, CVE-2023-21304, CVE-2023-21305, CVE-2023-21306, CVE-2023-21316, CVE-2023-21317, CVE-2023-21318, CVE-2023-21319, CVE-2023-21320, CVE-2023-21321, CVE-2023-21324, CVE-2023-21327, CVE-2023-21328, CVE-2023-21329, CVE-2023-21331, CVE-2023-21332, CVE-2023-21333, CVE-2023-21334, CVE-2023-21335, CVE-2023-21336, CVE-2023-21337, CVE-2023-21338, CVE-2023-21344, CVE-2023-21345, CVE-2023-21346, CVE-2023-21376, CVE-2023-21378, CVE-2023-21391
Andrey Artemiev of Google CVE-2023-35660
Antonio Ruggia and Simone Aonzo CVE-2023-21377
Apple Security Engineering and Architecture (SEAR) and The Citizen Lab at The University of Torontoʼs Munk School CVE-2023-4863
Azhara Assanova of Google CVE-2023-21341
Bram Bonné of Google CVE-2023-21297
Bubb1e CVE-2023-21253
David Chiang CVE-2023-3781
Dileep Peethani of Google CVE-2023-35655
Eric Wei and Elijah Bowman of Accenture CVE-2023-40117
H3C GuanYu Team ZhongQing Jiang, WenMing Jiang CVE-2023-21372
Florian Draschbacher, Secure Information Technology Center Austria (A-SIT) and Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology CVE-2023-21387
Gulshan Singh of Google CVE-2023-21310, CVE-2023-21380
Ha Lo CVE-2023-40120
Honor Cyber Security Lab(HCSL) CVE-2023-21358
hsia.angsh CVE-2023-21325, CVE-2023-21330
Jeong Wook Oh of Google CVE-2023-40129
Jeong Wook Oh of Google CVE-2023-35681
Jiachen Shao of Xiaomi ShadowBlade Security Lab CVE-2023-40127
Jianliang Wu of PurSec Lab at Purdue University CVE-2023-21307
JunjiSu (CoinIsMoney) CVE-2023-21362
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2023-21347, CVE-2023-21395
Lewei Qu (曲乐炜) CVE-2023-40638
Lucian and Johnson of OPPO Amber Security Lab CVE-2023-21326
Lucian of OPPO Amber Security Lab CVE-2023-21266
Lucian of OPPO Amber Security Lab CVE-2023-21302, CVE-2023-21349, CVE-2023-21354, CVE-2023-21369
Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent CVE-2023-21340
Michał Bednarski (michalbednarski) CVE-2023-21398
Mohammed Anwarullah of Google CVE-2023-21381
Nevv and SunQing CVE-2023-20819
Maddie Stone of Google's Threat Analysis Group and Jann Horn of Google Project Zero CVE-2023-4211
QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab CVE-2023-40141
Rafał Prymus of Ergonode CVE-2023-21313
Ronak CVE-2023-35653
Sergey Toshin (@bagipro) from Oversecured Inc. (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) CVE-2023-21383
Seth Jenkins of Google Project Zero CVE-2023-35645
SHIHAB P M CVE-2023-40142
Sithi CVE-2023-40125
Vladyslav Kotko CVE-2023-21382
WeiMin Cheng (@Qi-AnXin) of Tiangong Lab CVE-2023-40116
wrlu CVE-2023-40130
Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab CVE-2023-21315, CVE-2023-21359
Xianfeng Lu (卢先锋) and Yu Qin (秦彧) of OPPO Amber Security Lab CVE-2023-21357
XiLong Zhang (@Resery4) of Xiaomi CVE-2023-32819
Xuan Xing (Android Security Assurance Red Team) CVE-2023-21356, CVE-2023-21366, CVE-2023-21367
Yifei Xie CVE-2023-32820
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-21373, CVE-2023-21388, CVE-2023-21390, CVE-2023-21393
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-40524, CVE-2023-21636, CVE-2023-21360, CVE-2023-21644, CVE-2023-21654, CVE-2023-21655, CVE-2023-21663
余尘炬 CVE-2023-21339
开元米粉实力代购 CVE-2023-40123
开元米粉实力代购 CVE-2023-21312

September

Researchers CVEs
Wester0x01 (https://x.com/wester0x01) CVE-2023-21364, CVE-2023-21365
Zinuo Han (https://x.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21308, CVE-2023-21371, CVE-2023-21370, CVE-2023-35664
Tiziano Marra CVE-2023-35671
hluwa of iJiami Technology Co. Ltd CVE-2023-35676
Hongjian Cao of Ant Security Frontage Lab CVE-2023-33019, CVE-2023-28584
Hui Peng of Google CVE-2023-35684
Jeong Wook Oh of Google CVE-2023-35673
Joshua Steiner CVE-2023-35677
Peter Park (peterpark) CVE-2023-28573
Sithi CVE-2023-35665, CVE-2023-35680
Xuan Xing (Android Security Assurance Red Team) CVE-2023-35658

August

Researchers CVEs
Alexander Yukhanov of Google CVE-2023-35689
Andr. Ess CVE-2023-21267
Bob Beck of Google CVE-2023-21242
Christopher Menon (https://www.linkedin.com/in/christopher-menon/) CVE-2023-21235
Edward Cunningham of Google CVE-2023-21278
Hai Zhang of Google CVE-2023-21270
Ka Lok Wu and Sze Yiu Chau of The Chinese University of Hong Kong CVE-2023-20965
lovepink CVE-2023-21276
Matías Hernández of Google. CVE-2023-21277
Sergey Toshin (@bagipro) from Oversecured Inc. (https://oversecured.com/) (https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/) CVE-2023-21292
Shreya Singh of Google CVE-2023-21275
WeiMin Cheng@Qi-AnXin Tiangong Lab CVE-2023-21269
Will Deacon of Google CVE-2023-21264
Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2023-21282
XiLong Zhang(@Resery4) of Xiaomi security technology group CVE-2023-20780
Xuan Xing (Android Security Assurance Red Team) CVE-2023-21273
Necip Fazil Yildiran of Google CVE-2023-21232
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-21230, CVE-2023-21231, CVE-2023-21234, CVE-2023-21281
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21627
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21271, CVE-2023-21274
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21647, CVE-2023-21649, CVE-2023-21650, CVE-2023-28555
开元米粉实力代购 CVE-2023-21280

July

Researchers CVEs
Akshay Saini CVE-2023-21262
Alena Skliarova (/In/askliarova) CVE-2023-21240, CVE-2023-21243
Alexander Yukhanov of Google and  Aman Pandey of bugsmirror CVE-2023-21249
Bedran Karakoc CVE-2023-21631
Bo Zhang (张波) of Bytedance Wuheng Lab CVE-2023-20918
Bob Zamani of Google CVE-2023-20942
Christopher Menon CVE-2023-21235
Evan Severson of Google CVE-2023-21254
Guangshuai Xia CVE-2023-21624
heidada CVE-2023-24851
Jon Rhodes CVE-2023-21257
Leon Scroggins of Google CVE-2023-2136
Sergei Volokitin CVE-2023-20754
Sithi CVE-2023-21087
Stefan Toman of Google CVE-2023-21245
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2023-21641
XiLong Zhang (张熙隆) of Xiaomi security technology group CVE-2023-20755
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-21230, CVE-2023-21231, CVE-2023-21234
Zinuo Han (ele7enxxh) CVE-2023-21638
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21241, CVE-2023-35694
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21639, CVE-2023-21640

June

Researchers CVEs
Adrian Roos of Google CVE-2023-21177
Alena Skliarova (/In/askliarova) CVE-2023-21143
Alpha Lab CVE-2023-21236
Aman Pandey of bugsmirror CVE-2023-21185, CVE-2023-21192
Andrey Artemiev of Google CVE-2023-21146, CVE-2023-21147
Bedran Karakoc CVE-2022-39901
Benedict Wong of Google CVE-2023-21184
Binarly efiXplorer Team CVE-2022-40516, CVE-2022-40517, CVE-2022-40520
CheolJun Park @ KAIST Syssec CVE-2022-40536
CheolJun Park @ SysSec Lab, KAIST CVE-2022-40521
Conghui Wang (conghuiwang) CVE-2023-21656, CVE-2023-21669
Dileep Peethani of Google CVE-2023-21201
Edward Cunningham of Google CVE-2023-21183
Eric Biggers of Google CVE-2023-21178
jiayy CVE-2022-33303, CVE-2022-48438
Hai Shalom of Google CVE-2023-21027, CVE-2023-21179
Hao Ke (柯昊) of Google Android Malware Research CVE-2023-21121
Isaac Tackett CVE-2023-21187
Jann Horn of Google Project Zero CVE-2023-21670
Joel Voss of Google CVE-2023-21222
Julia Reynolds of Google CVE-2023-21191
Keith Mok of Google CVE-2023-21115
Kevin Sentosa of Google CVE-2023-21219, CVE-2023-21220
Kyle Cai of Google CVE-2023-21189
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2023-20973, CVE-2023-20977, CVE-2023-20980, CVE-2023-20982, CVE-2023-20986, CVE-2023-20990, CVE-2023-20992, CVE-2023-21196, CVE-2023-21200, CVE-2023-21202
Lewei Qu(曲乐炜) CVE-2022-48390, CVE-2022-48391, CVE-2022-48392
Li Li of Google CVE-2023-21237
Mitch Phillips using GWP-ASan CVE-2023-21152
Mohammed Anwarullah of Google CVE-2023-21031, CVE-2023-21188
Pavan Chavali of Google CVE-2023-21128, CVE-2023-21225
Peter Park (peterpark) CVE-2022-33264
Pratheesh P Narayanan CVE-2023-21144
QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab CVE-2023-21151
Ray Essick of Google CVE-2023-21127
Rui Li and Wenrui Diao, Shandong University CVE-2023-20971
Sithi CVE-2023-21105
stardesty of HSSL CVE-2023-21108
videosdebarraquito CVE-2023-21095
Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2023-21130, CVE-2023-21194
Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab CVE-2023-20972, CVE-2023-20974, CVE-2023-20981, CVE-2023-20983, CVE-2023-20987, CVE-2023-20988, CVE-2023-20989, CVE-2023-20991, CVE-2023-21174, CVE-2023-21181, CVE-2023-21197, CVE-2023-21199
Xingyu Jin of Google CVE-2021-0701, CVE-2021-0945
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-21122, CVE-2023-21123, CVE-2023-21141, CVE-2023-21142, CVE-2023-21149, CVE-2023-21172, CVE-2023-21173, CVE-2023-21175
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-20968, CVE-2023-20979, CVE-2023-20984, CVE-2023-20985, CVE-2023-21120, CVE-2023-21148, CVE-2023-21150, CVE-2023-21153, CVE-2023-21154, CVE-2023-21155, CVE-2023-21156, CVE-2023-21157, CVE-2023-21158, CVE-2023-21159, CVE-2023-21160, CVE-2023-21161, CVE-2023-21169, CVE-2023-21170, CVE-2023-21182, CVE-2023-21195, CVE-2023-21198, CVE-2023-21203, CVE-2023-21204, CVE-2023-21205, CVE-2023-21206, CVE-2023-21207, CVE-2023-21208, CVE-2023-21209, CVE-2023-21210, CVE-2023-21211, CVE-2023-21212, CVE-2023-21213, CVE-2023-21214
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-33224, CVE-2022-33226, CVE-2022-33227, CVE-2022-33230, CVE-2022-33240, CVE-2022-33263, CVE-2023-21101
开元米粉实力代购 CVE-2023-21126, CVE-2023-21131, CVE-2023-21138, CVE-2023-21139

May

Researchers CVEs
Ahmed Ezzat (BitTheByte) CVE-2022-20338
Ard Biesheuvel of Google CVE-2023-21102
Bernardo Rufino CVE-2022-20444
bugreporterca@gmail.com CVE-2022-46396
Dimitrios Valsamarasof Microsoft CVE-2021-39617
jiayy CVE-2022-47469, CVE-2022-47470, CVE-2022-47486, CVE-2022-47488
Jann Horn of Google Project Zero CVE-2023-21665, CVE-2023-21666
Jun Cen (nuaacenjun@126.com) CVE-2022-33281
Lewei Qu(曲乐炜) CVE-2022-47487
Michał Bednarski (michalbednarski) CVE-2023-21104
Mugdha Lakhani of Google CVE-2023-21117
Ryan Hall and Nik Tsytsarkin from Meta's Red Team X CVE-2023-20694, CVE-2023-20695, CVE-2023-20696
Ryan Johnson and Mohamed Elsabagh of Quokka CVE-2023-20726
Sithi CVE-2023-20930, CVE-2023-21103, CVE-2023-21107, CVE-2023-21111
Xingyu Jin of Google CVE-2021-0877
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-21112
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-26085

April

Researchers CVEs
Aman Pandey of bugsmirror CVE-2023-21083
Chavi Weingarten of Google CVE-2023-21094
Lewei Qu(曲乐炜) CVE-2022-47335, CVE-2022-47336, CVE-2022-47337, CVE-2022-47338
Lucian of OPPO Amber Security Lab CVE-2023-20655
Michał Bednarski (michalbednarski) CVE-2023-21092, CVE-2023-21098
Mitch Phillips using GWP-ASan CVE-2023-21096
Sergei Volokitin CVE-2022-32599
Shikha Panwar of Google CVE-2023-21084
Sithi CVE-2023-21082, CVE-2023-21087, CVE-2023-21091
Szymon Heidrich CVE-2023-20941
Wu Chen of OPPO Amber Security Lab CVE-2022-40503
Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab CVE-2022-20463
Xingyu Jin of Google CVE-2021-0872, CVE-2021-0873, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0878, CVE-2021-0879, CVE-2021-0880, CVE-2021-0881, CVE-2021-0882, CVE-2021-0883, CVE-2021-0884, CVE-2021-0885
Yu Qin(秦彧) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2022-20471
Zhongquan Li @ ADLab of VenusTech CVE-2023-20652, CVE-2023-20653, CVE-2023-20654
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-20935, CVE-2023-20967, CVE-2023-21080, CVE-2023-21085
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-33301

March

Researchers CVEs
Abhisek R, OWASP SASTRA University lead [https://twitter.com/abh1sek_r],[https://www.linkedin.com/in/abhisek-r] CVE-2023-21035
Aman Pandey of bugsmirror CVE-2023-21029
Amit Nama from Android Real Time Stability Insights (RTSI) CVE-2023-21000
Andrey Artemiev of Google CVE-2023-21042, CVE-2023-21043
Authors: Boyuan Yang, Ruirong Chen, Kai Huang, Jun Yang, Wei Gao Affiliation: Department of Electrical and Computer Engineering, University of Pittsburgh CVE-2022-22075
Binarly efiXplorer Team CVE-2022-40516, CVE-2022-40517, CVE-2022-40518, CVE-2022-40519, CVE-2022-40520
David Guzak CVE-2023-20995
Dimitrios Valsamarasof Microsoft CVE-2023-20906
Domien Schepers CVE-2023-21061
Dominik Röttsches of Google CVE-2023-20958
Edward Cunningham of Google CVE-2023-20917
Elena Petrova of Google CVE-2023-20954
Frederick Mayle of Google CVE-2023-21030
gzobqq@gmail.com CVE-2023-21065
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, Haipeng Cai from the Washington State University, and Yajin Zhou from the Zhejiang University CVE-2023-21017
hhjack (hhj4ck) CVE-2022-33260
Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab CVE-2023-21020
Isaac Manjarres of Google CVE-2023-21045, CVE-2023-21051
Jeong Wook Oh of Google CVE-2022-42528
Jérémy BRETON of @thalium_team CVE-2023-20947
Keiichi Watanabe of Google CVE-2022-4452
Le Wu (吴乐) of Baidu Security CVE-2023-20623
Le Wu(吴乐) of Baidu Security CVE-2022-25712
Lee George Thomas of Google CVE-2023-21048
Lewei Qu(曲乐炜) CVE-2022-47460, CVE-2022-47461, CVE-2022-47462
lovepink CVE-2023-21056, CVE-2023-21069, CVE-2023-21070, CVE-2023-21071, CVE-2023-21072, CVE-2023-21073, CVE-2023-21077, CVE-2023-21078, CVE-2023-21079
Michał Bednarski (michalbednarski) CVE-2023-20964
Mohammed Anwarullah of Google CVE-2023-21018, CVE-2023-21022
Nan Wu of Google CVE-2023-20960
Peter Park (peterpark) CVE-2022-25694, CVE-2022-25705, CVE-2022-25709, CVE-2022-33213
Prabir Pradhan of Google CVE-2023-21026
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2023-20963, CVE-2023-21024
SHIHAB P M CVE-2023-20926, CVE-2023-20953
Shufan Yang(杨书范) of Baidu AIoT Security Team CVE-2023-21055
Simon Aarons CVE-2023-21036
Wu Chen(陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2023-20951
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2023-20987
Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab CVE-2023-21034
Xie Yifei CVE-2022-47459
Yifei Xie CVE-2022-33245
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2023-20929
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20542, CVE-2022-40537, CVE-2022-42500, CVE-2023-20931, CVE-2023-20936, CVE-2023-20956, CVE-2023-20969, CVE-2023-20970, CVE-2023-20994, CVE-2023-21006, CVE-2023-21007, CVE-2023-21008, CVE-2023-21009, CVE-2023-21010, CVE-2023-21011, CVE-2023-21012, CVE-2023-21013, CVE-2023-21014, CVE-2023-21039, CVE-2023-21040, CVE-2023-21044, CVE-2023-21046, CVE-2023-21047, CVE-2023-21049, CVE-2023-21050, CVE-2023-21052, CVE-2023-21062, CVE-2023-21063, CVE-2023-21064, CVE-2023-21075, CVE-2023-21076

February

Researchers CVEs
Dmitry Myachin CVE-2022-20551
jiayy CVE-2022-47331
Hongguang Chen and Devin Moore of Google CVE-2023-20940
Isaac Manjarres of Google CVE-2023-20949
Jann Horn of Google Project Zero CVE-2023-20937
Le Wu of Baidu Security CVE-2022-33225
Lewei Qu(曲乐炜) CVE-2022-47339
Mayank Garg of Google CVE-2023-20927
Michał Bednarski (michalbednarski) CVE-2023-20944
Mohammed Anwarullah of Google CVE-2023-20939
Pengfei Ding (丁鹏飞) CVE-2022-25711
Peter Park CVE-2022-33233
Peter Park (peterpark) CVE-2022-33248
Sergej Salnikov of Google CVE-2023-20934
Shufan Yang(杨书范) of Baidu AIoT Security Team CVE-2023-20602
Sithi CVE-2023-20932
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2022-20481
Zi Fan Tan of Google CVE-2023-20938
Zinuo Han (https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2023-20945, CVE-2023-20948

January

Researchers CVEs
jiayy CVE-2022-22079, CVE-2022-44425, CVE-2022-44426
Jann Horn of Google Project Zero CVE-2023-20928
Karan Lalwani CVE-2023-20921
Le Wu of Baidu Security CVE-2022-25722
Lewei Qu(曲乐炜) CVE-2022-44434, CVE-2022-44435, CVE-2022-44436, CVE-2022-44437, CVE-2022-44438
Michał Bednarski (michalbednarski) CVE-2023-20904
Mitch Phillips using HWASan CVE-2023-20920
Mohammed Anwarullah of Google CVE-2023-20925
Muhammad Hasan Khan of Google CVE-2023-20919
nicolas (nicolas1993) CVE-2022-25715, CVE-2022-25717, CVE-2022-25721
Sithi CVE-2022-20494, CVE-2023-20912, CVE-2023-20913, CVE-2023-20915
wrlu CVE-2023-20923
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2023-20905
Xie Yifei CVE-2022-44427, CVE-2022-44428, CVE-2022-44429, CVE-2022-44430, CVE-2022-44431, CVE-2022-44432
Xingyu Jin of Google CVE-2022-20235
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20213, CVE-2022-20214, CVE-2022-20215, CVE-2022-20458
Zhongquan Li @ ADLab of VenusTech CVE-2022-32637
Zinuo Han(@ele7enxxh) of OPPO Amber Security Lab CVE-2022-20461, CVE-2022-32635, CVE-2022-33255

Additional contributions

We would also like to acknowledge the contributions of the following individuals to Android security:

2022

Note: Starting in 2018 and continuing in 2022, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.

December

Researchers CVEs
Aman Pandey of bugsmirror CVE-2022-20510, CVE-2022-20511, CVE-2022-20525, CVE-2022-20535, CVE-2022-20538
Andrey Artemiev of Google CVE-2022-20581, CVE-2022-20600
Ben CVE-2022-20543
Bo Zhang (张波) of Bytedance Wuheng Lab CVE-2021-39795
David McGregor, UL CVE-2022-20199
Edward Cunningham of Google CVE-2022-20475, CVE-2022-20512
Florian Mayer of Google CVE-2022-20523
jiayy CVE-2022-39106, CVE-2022-39129, CVE-2022-39130, CVE-2022-39131, CVE-2022-39132, CVE-2022-39133, CVE-2022-39134, CVE-2022-42755, CVE-2022-42756, CVE-2022-42770, CVE-2022-42771, CVE-2022-42772
Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab CVE-2022-20514, CVE-2022-20540
Jeong Wook Oh of Google CVE-2022-20582, CVE-2022-20583, CVE-2022-20584, CVE-2022-20585, CVE-2022-20586, CVE-2022-20587, CVE-2022-20588, CVE-2022-20589, CVE-2022-20590, CVE-2022-20591, CVE-2022-20592, CVE-2022-20597, CVE-2022-20598, CVE-2022-20599, CVE-2022-42531, CVE-2022-42532, CVE-2022-42534
Keith Mok of Google CVE-2022-20483
Kevin Kou of Google CVE-2022-20477
Lewei Qu(曲乐炜) of Baidu AIoT Security Team CVE-2022-42754
Lucian of OPPO Amber Security Lab CVE-2022-20559
Manjeet Rulhania of Google CVE-2022-20495
Matheus Eduardo Garbelini CVE-2021-30348
Michał Bednarski (michalbednarski) CVE-2022-20474
Mike McTernan of Google CVE-2022-42543
Mitch Phillips using HWASan CVE-2022-20561
Mohammed Anwarullah of Google CVE-2022-20548
Peter Park (peterpark) CVE-2022-25682, CVE-2022-25695
Phil Burk of Google CVE-2022-20562
Pratheesh P Narayanan CVE-2022-20124
RA Position at CactiLab (https://cactilab.github.io/) of University at Buffalo CVE-2022-20520
Wester0x01 (@wester0x01) CVE-2022-20544
Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN CVE-2022-25677
Sergei Volokitin CVE-2022-32594, CVE-2022-32596, CVE-2022-32597, CVE-2022-32598
SHIHAB P M CVE-2022-20611
Sithi CVE-2022-20501
stardesty of HSSL CVE-2022-20411, CVE-2022-20469
Steve Thomas (@Sc00bzT) CVE-2022-20497
su4do4 CVE-2022-20568
Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa CVE-2022-25685
System and Software Security Lab in Fudan University CVE-2021-0934
Timur Mikhaylin CVE-2022-20529
Tomasz Kuchta CVE-2022-20569
William Escande of Google CVE-2022-20547
Xin Zhao of Google CVE-2022-20574, CVE-2022-20575
Xingyu Jin of Google CVE-2021-39660
Xuan Xing (Android Security Assurance Red Team) CVE-2020-0465, CVE-2022-42529, CVE-2022-42530
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20504, CVE-2022-20536, CVE-2022-20558
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20468, CVE-2022-20509, CVE-2022-20513, CVE-2022-20516, CVE-2022-20521, CVE-2022-20526, CVE-2022-20527, CVE-2022-20539, CVE-2022-20541, CVE-2022-20546, CVE-2022-20549, CVE-2022-20552, CVE-2022-20557, CVE-2022-20576, CVE-2022-20577, CVE-2022-20578, CVE-2022-20579, CVE-2022-20593, CVE-2022-20594, CVE-2022-20595, CVE-2022-20596, CVE-2022-42501, CVE-2022-42502, CVE-2022-42503, CVE-2022-42504, CVE-2022-42505, CVE-2022-42506, CVE-2022-42507, CVE-2022-42508, CVE-2022-42509, CVE-2022-42510, CVE-2022-42511, CVE-2022-42512, CVE-2022-42513, CVE-2022-42514, CVE-2022-42515, CVE-2022-42516, CVE-2022-42517, CVE-2022-42518, CVE-2022-42519, CVE-2022-42520, CVE-2022-42521, CVE-2022-42522, CVE-2022-42523, CVE-2022-42525, CVE-2022-42526, CVE-2022-42542

November

Researchers CVEs
Ahaan Ugale of Google CVE-2022-20446
Aman Pandey of bugsmirror CVE-2022-20451
Arash Tohidi (h4ul4) CVE-2021-35132
Edward Cunningham of Google CVE-2022-20441
jiayy CVE-2022-2984, CVE-2022-38672, CVE-2022-38673, CVE-2022-38676, CVE-2022-38690, CVE-2022-39105
gzobqq@gmail.com CVE-2022-20427, CVE-2022-20428, CVE-2022-20454, CVE-2022-20459, CVE-2022-20460
Hai Zhang of Google CVE-2022-20450
Karol Wrótniak - Droids On Roids CVE-2022-20448
Le Wu of Baidu Security CVE-2022-25676, CVE-2022-25743
Lewei Qu(曲乐炜) of Baidu AIoT Security Team CVE-2022-2985, CVE-2022-38669, CVE-2022-38670
Michał Bednarski (michalbednarski) CVE-2022-20452
Sylvester Yao (姚圣禹, blog.ysy950803.top) CVE-2022-20414
Xingyu Jin CVE-2021-1050
Xingyu Jin of Google CVE-2021-39661
Zhicheng Zeng (曾志成) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2022-25679, CVE-2022-32601
Zhongquan Li @ ADLab of VenusTech CVE-2022-32602
Zinuo Han(https://twitter.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20445, CVE-2022-20447, CVE-2022-20462, CVE-2022-2209, CVE-2022-42533

October

Researchers CVEs
Amit Nama from Android Real Time Stability Insights (RTSI) CVE-2022-20397
anonymous CVE-2021-39758
C_C CVE-2022-20351
chen gengjia CVE-2022-33217
Edward Cunningham of Google CVE-2022-20394
jiayy CVE-2022-22078
gzobqq@gmail.com CVE-2022-20421
Hao Ke (柯昊) of Google Android Malware Research CVE-2022-20415
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) ofC0RE Team CVE-2021-39624
Jiabin Huang of Google CVE-2022-20413, CVE-2022-20464
Jianliang Wu of PurSec Lab at Purdue University CVE-2021-39673
Kevin Deus of Google CVE-2022-20416
Le Wu of Baidu Security CVE-2022-25662, CVE-2022-25687
Lewei Qu(曲乐炜) of Baidu AIoT Security Team CVE-2022-20430, CVE-2022-20431, CVE-2022-20432, CVE-2022-20433, CVE-2022-20434, CVE-2022-20435, CVE-2022-20436, CVE-2022-20437, CVE-2022-20438, CVE-2022-20439, CVE-2022-20440
lovepink CVE-2022-33214
Man Yue Mo of GitHub Security Lab CVE-2022-25664
Martijn Bogaard (Riscure) CVE-2022-20231, CVE-2022-20364
Michał Bednarski (michalbednarski) CVE-2022-20419
OPTiM Corporation CVE-2022-20420
Pengfei Ding(丁鹏飞) CVE-2022-25660, CVE-2022-25661, CVE-2022-25665
QQQ and Huinian Yang (@vmth6) of OPPO Amber Security Lab CVE-2022-20422
Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN CVE-2022-25666
Xingyu Jin of Google CVE-2021-0696, CVE-2021-0699, CVE-2021-0951
Yong Liu, Xiaodong Wang, Jun Yao and Guang Gong of 360 Vulnerability Research Institute CVE-2022-1786
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20429
Zhenpeng Lin (@Markek_) CVE-2022-20409
Zhicheng Zeng (曾志成) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2022-26471, CVE-2022-26472
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20410, CVE-2022-20417, CVE-2022-20418

September

Researchers CVEs
Karthik Nair (realkarthiknair) CVE-2022-20317
Abhinav Saxena (xandfury@gmail.com) & AppCensus Inc. (https://appcensus.io) CVE-2022-20339, CVE-2022-20399
Ahmed Ezzat (BitTheByte) CVE-2022-20338
Aman Pandey of bugsmirror CVE-2021-0734, CVE-2021-0975, CVE-2022-20242, CVE-2022-20245, CVE-2022-20252, CVE-2022-20262, CVE-2022-20263, CVE-2022-20266, CVE-2022-20267, CVE-2022-20270, CVE-2022-20275, CVE-2022-20276, CVE-2022-20277, CVE-2022-20279, CVE-2022-20284, CVE-2022-20285, CVE-2022-20287, CVE-2022-20288, CVE-2022-20289, CVE-2022-20290, CVE-2022-20291, CVE-2022-20293, CVE-2022-20294, CVE-2022-20295, CVE-2022-20296, CVE-2022-20298, CVE-2022-20299, CVE-2022-20300, CVE-2022-20301, CVE-2022-20303, CVE-2022-20304, CVE-2022-20305, CVE-2022-20307, CVE-2022-20309, CVE-2022-20310, CVE-2022-20311, CVE-2022-20315, CVE-2022-20316, CVE-2022-20318, CVE-2022-20320, CVE-2022-20322, CVE-2022-20323, CVE-2022-20324, CVE-2022-20326, CVE-2022-20328, CVE-2022-20332, CVE-2022-20336, CVE-2022-20341
Andr. Ess CVE-2022-20335
Boze Zekan and Scott Cosentino of BlackBerry Product Security Incident Response Team (https://www.blackberry.com/us/en/services/blackberry-product-security-incident-response) CVE-2022-20280
C_C CVE-2022-20246, CVE-2022-20250, CVE-2022-20286, CVE-2022-20395
Chaoyuan Peng (@ret2happy) CVE-2022-20333
Chucheng Ye, Binhu Yang, Hongzhi Ding of OPPO and En He of OPPO ZIWU Security Lab CVE-2022-20197
derrek CVE-2022-22094
Edward Cunningham of Google CVE-2020-0500
Elijah Bowman of Accenture CVE-2022-20302
Elijah Bowman of Accenture CVE-2022-20297
En He of OPPO ZIWU Security Lab CVE-2022-20281, CVE-2022-20282
jiayy CVE-2022-20385
Grace Cheng of Google CVE-2022-20261
Hai Zhang of Google CVE-2022-20218
Han Yan(闫晗), Lewei Qu(曲乐炜), Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2022-26447
Ivan Lozano of Google CVE-2022-20258
Le Wu of Baidu Security CVE-2022-25653, CVE-2022-25654, CVE-2022-25686, CVE-2022-25688
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2022-20253, CVE-2022-20308, CVE-2022-25706
Lewei Qu(曲乐炜) of Baidu AIoT Security Team CVE-2022-20386, CVE-2022-20387, CVE-2022-20388, CVE-2022-20389, CVE-2022-20390, CVE-2022-20391
lovepink CVE-2022-25696
Lucian and Sheep of OPPO Amber Security Lab CVE-2022-20249, CVE-2022-20251, CVE-2022-20255
Lucian of OPPO Amber Security Lab CVE-2022-20259, CVE-2022-20398
Mitch Phillips using HWASan CVE-2022-20256
Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs CVE-2022-20244
PengfeiDing CVE-2022-22092, CVE-2022-22093
Pratheesh P Narayanan CVE-2022-20265
Raphael Farias (https://www.linkedin.com/in/raphaelfariascarneiro/) from the Unversity of Pernambuco CVE-2022-20292
Rayhan Akhter from Android Real Time Stability Insights (RTSI) CVE-2022-20325
Ricky Wai of Google CVE-2022-20241
Wester0x01 (@wester0x01) CVE-2022-20248, CVE-2022-20260
Rui Li and Wenrui Diao, Shandong University CVE-2022-20392
Seonung Jang(@IFdLRx4At1WFm74) of STEALIEN CVE-2022-22095
Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa CVE-2022-22091
Valerio Brussani (@val_brux) working at NoZero (nozero.io) CVE-2022-20340
Vladislav Butorov CVE-2022-20243
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2022-20257, CVE-2022-25704
Xingyu Jin of Google CVE-2021-0697, CVE-2021-0871, CVE-2021-0942, CVE-2021-0943
Yansong Li CVE-2022-20334
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0518, CVE-2022-20268, CVE-2022-20271, CVE-2022-20272, CVE-2022-20274, CVE-2022-20278, CVE-2022-20312, CVE-2022-20314, CVE-2022-20327, CVE-2022-20329, CVE-2022-20331
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20247, CVE-2022-20273, CVE-2022-20283, CVE-2022-20362, CVE-2022-20393

August

Researchers CVEs
Abhinav Saxena (xandfury@gmail.com) & AppCensus Inc. (https://appcensus.io) CVE-2022-20339
Ahmed Ezzat (BitTheByte) CVE-2022-20338
Aman Pandey of bugsmirror CVE-2022-20352, CVE-2021-0734, CVE-2021-0975, CVE-2022-20242, CVE-2022-20245, CVE-2022-20252, CVE-2022-20262, CVE-2022-20263, CVE-2022-20266, CVE-2022-20267, CVE-2022-20270, CVE-2022-20275, CVE-2022-20276, CVE-2022-20277, CVE-2022-20279, CVE-2022-20284, CVE-2022-20285, CVE-2022-20287, CVE-2022-20288, CVE-2022-20289, CVE-2022-20290, CVE-2022-20291, CVE-2022-20293, CVE-2022-20294, CVE-2022-20295, CVE-2022-20296, CVE-2022-20298, CVE-2022-20299, CVE-2022-20300, CVE-2022-20301, CVE-2022-20303, CVE-2022-20304, CVE-2022-20305, CVE-2022-20307, CVE-2022-20309, CVE-2022-20310, CVE-2022-20311, CVE-2022-20315, CVE-2022-20316, CVE-2022-20318, CVE-2022-20320, CVE-2022-20322, CVE-2022-20323, CVE-2022-20324, CVE-2022-20326, CVE-2022-20328, CVE-2022-20332, CVE-2022-20336, CVE-2022-20341
Amit Nama from Android Real Time Stability Insights (RTSI) CVE-2022-20383
Andr. Ess CVE-2022-20335
Android Security Assurance Red Team CVE-2022-20384, CVE-2022-20402, CVE-2022-20404, CVE-2022-20405, CVE-2022-20407, CVE-2022-20408
au4to4 CVE-2022-20368
Austin Emmitt ofNowSecure(@alkalinesec) CVE-2022-20355
Bodong Zhao of NISL Lab, Tsinghua University CVE-2022-20373
Boze Zekan and Scott Cosentino of BlackBerry Product Security Incident Response Team (https://www.blackberry.com/us/en/services/blackberry-product-security-incident-response) CVE-2022-20280
C_C CVE-2022-20246, CVE-2022-20250, CVE-2022-20286
Chaoyuan Peng (@ret2happy) CVE-2022-20333
Daniele Antonioli (EURECOM), Nils Ole Tippenhauer (CISPA), Kasper Rasmussen (University of Oxford), Mathias Payer (EPFL). CVE-2022-20361
Edward Cunningham of Google CVE-2021-39696, CVE-2022-20358
Elijah Bowman of Accenture CVE-2022-20302
En He of OPPO ZIWU Security Lab CVE-2022-20281, CVE-2022-20282
jiayy CVE-2022-20239
Grace Cheng of Google CVE-2022-20261
Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of 360 Alpha Lab CVE-2022-20344
Ivan Lozano of Google CVE-2022-20258
Karthik Nair (realkarthiknair) CVE-2022-20317
Kieron Quinn (https://kieronquinn.co.uk/) CVE-2022-20356
Le Wu (吴乐) of Baidu Security CVE-2022-20082, CVE-2022-22059, CVE-2022-25668
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2022-20253, CVE-2022-20308,CVE-2022-20345
lovepink CVE-2022-20180, CVE-2022-20357, CVE-2022-20366, CVE-2022-20367, CVE-2022-20379
Lucian and Sheep of OPPO Amber Security Lab CVE-2022-20249, CVE-2022-20251, CVE-2022-20255
Lucian of OPPO Amber Security Lab CVE-2022-20259
Marco Nelissen of Google CVE-2022-20376
Mitch Phillips using HWASan CVE-2022-20256
Nathan Harold of Google CVE-2022-20354
Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs CVE-2022-20244
Peter Park (peterpark) CVE-2021-30259
Pratheesh P Narayanan CVE-2022-20265
Raphael Farias (https://www.linkedin.com/in/raphaelfariascarneiro/) from the Unversity of Pernambuco CVE-2022-20292
Rayhan Akhter from Android Real Time Stability Insights (RTSI) CVE-2022-20325, CVE-2022-20381
Ricky Wai of Google CVE-2022-20241
Wester0x01 (@wester0x01) CVE-2022-20248, CVE-2022-20260, CVE-2022-20348, CVE-2022-20349
Elijah Bowman of Accenture CVE-2022-20297
Starry, QQQ, CenJ of OPPO Amber Security Lab CVE-2022-20369
Tomasz Kuchta CVE-2022-20365
Tri Vo of Google CVE-2022-20377
Valerio Brussani (@val_brux) working at NoZero (nozero.io) CVE-2022-20340
Vladislav Butorov CVE-2022-20243
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2022-20257
Xingyu Jin CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-0946, CVE-2021-0947
Yansong Li CVE-2022-20334
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20350, CVE-2021-0518, CVE-2022-20268, CVE-2022-20271, CVE-2022-20272, CVE-2022-20274, CVE-2022-20278, CVE-2022-20312, CVE-2022-20314, CVE-2022-20327, CVE-2022-20329, CVE-2022-20331
Zi Fan Tan of Google CVE-2022-20371
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20247, CVE-2022-20273, CVE-2022-20283, CVE-2022-20346

July

Researchers CVEs
Aman Pandey of bugsmirror CVE-2022-20225
Daniel Komaromy (@kutyacica) of Taszk Security Labs CVE-2022-21744
jiayy CVE-2022-20238
Eric Biggers of Google CVE-2022-20219
Han Yan(闫晗), Lewei Qu(曲乐炜), Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2022-21767, CVE-2022-21768
Jun Yao (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab CVE-2021-35133
Le Wu of Baidu Security CVE-2022-25657, CVE-2022-25658, CVE-2022-25659
Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2022-20216
Lewei Qu(曲乐炜) of Baidu AIoT Security Team CVE-2022-20217
Lucian of OPPO Amber Security Lab CVE-2022-21763, CVE-2022-21764
Rob Carr of Google CVE-2022-20226
Szymon Heidrich CVE-2022-20227
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2022-20223
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20212, CVE-2022-20234
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20221, CVE-2022-20222, CVE-2022-20224, CVE-2022-20229

June

Researchers CVEs
360 Alpha Lab CVE-2021-35120
Aman Pandey of bugsmirror CVE-2021-0983, CVE-2022-20126, CVE-2022-20133, CVE-2022-20206
Android Security Assurance Red Team CVE-2022-20149, CVE-2022-20164, CVE-2022-20167, CVE-2022-20170, CVE-2022-20171, CVE-2022-20179
Android Security Assurance RedTeam of Google CVE-2022-20132
Bodong Zhao of NISL Lab, Tsinghua University CVE-2022-20155, CVE-2022-20183, CVE-2022-20185
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. and Pengfei Ding (丁鹏飞) of Huawei CVE-2020-27068
Chucheng Ye, Binhu Yang, Hongzhi Ding of OPPO and En He of OPPO ZIWU Security Lab CVE-2022-20197
Damiano Melotti and Maxime Rossi Bellom of Quarkslab CVE-2022-20233
Domen Puncer Kugler, Samsung Electronics, SRUK CVE-2022-20166
Fabien Lheureux of Google CVE-2022-20152, CVE-2022-20174
flawedworld and CreepNT CVE-2021-39653
jiayy CVE-2021-35119
Gopal Krishna Shukla, Qualcomm India CVE-2021-39806
Gulshan Singh of Google CVE-2022-20176
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, Haipeng Cai from the Washington State University, and Yajin Zhou from the Zhejiang University CVE-2022-20200
Heimdallr of Cyber Security of Zhejiang ZEEKR Intelligent Technology CVE-2022-25375
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2021-39624, CVE-2022-20141
ISMAEL AMZDAK CVE-2022-20125
Joshua Nearchos (LinkedIn) CVE-2022-20006
Jun Yao (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab CVE-2021-35121
Keith Mok of Google CVE-2022-20148
Kevin Yang of Google CVE-2022-20182
Le Wu of Baidu Security CVE-2022-22082, CVE-2022-22083, CVE-2022-22084, CVE-2022-22085, CVE-2022-22086, CVE-2022-22087
lovepink CVE-2022-20156
Lucian of OPPO Amber Security Lab CVE-2022-20137
Man Yue Mo of GitHub Security Lab CVE-2022-20186
Matthew Daley CVE-2021-39691
Nate Myren of Google CVE-2022-20193
Pengfei Ding(丁鹏飞) CVE-2021-35118
Qidan He (@flanker_hqd) CVE-2022-20146, CVE-2022-20172
Rob Carr of Google CVE-2022-20192
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2022-20135, CVE-2022-20142
smakk CVE-2022-20210
su4do4 CVE-2022-20153
Sze Yiu Chau, Hugo Hue, and Ka Lok Wu of The Chinese University of Hong Kong (CUHK) CVE-2022-20145
TerrorBlade of OPPO Amber Security Lab CVE-2022-20139
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2022-20205
Yifei Xie CVE-2022-21745
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2022-20138, CVE-2022-20194, CVE-2022-20204, CVE-2022-20207
Zinuo Han(weibo.com/ele7enxxh) of OPPO Amber Security Lab CVE-2022-20123, CVE-2022-20127, CVE-2022-20131, CVE-2022-20140, CVE-2022-20147, CVE-2022-20198, CVE-2022-20201

May

Researchers CVEs
Aman Pandey of bugsmirror CVE-2022-20004, CVE-2022-20114
Android Security Assurance RedTeam CVE-2022-20120
Art (github) CVE-2022-20011
Ben Turley CVE-2022-20113
Christian Loehle, Hyperstone GmbH cloehle@hyperstone.com CVE-2022-20008
Edward Cunningham of Google CVE-2022-20005
jiayy CVE-2021-35092
jiayy CVE-2021-35084, CVE-2021-35085
Gregory Montoir and Gary Arakaki of Google CVE-2021-39700
hsia.angsh CVE-2022-20115
Kevin Deus of Google CVE-2022-20010
Le Wu (吴乐) of Baidu Security CVE-2022-20109, CVE-2022-20110
Le Wu (吴乐) of Baidu Security CVE-2022-20118
lovepink CVE-2022-20119
Man Yue Mo of GitHub Security Lab CVE-2022-22057, CVE-2022-22068
Max Kellermann of IONOS SE CVE-2022-0847
Michał Bednarski (michalbednarski) CVE-2022-20116
Peter Park (peterpark) CVE-2021-35072, CVE-2022-22072
Sithi CVE-2021-39670
Szymon Heidrich CVE-2022-20009
TerrorBlade of OPPO Amber Security Lab CVE-2022-20121
Xianbo Wang (@sanebow) of MobiTec, The Chinese University of Hong Kong CVE-2022-20007
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2022-20112
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-39738

April

Researchers CVEs
Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa CVE-2021-30344
Aman Pandey of bugsmirror CVE-2021-39808
Andrea Arcangeli of Red Hat and Peter Collingbourne of Google CVE-2021-39802
Dawuge of Pangu Team CVE-2021-39804
Eloi Sanfelix of Blue Frost Security CVE-2021-35112
jiayy CVE-2021-35071, CVE-2021-35081
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Huazhong University of Science and Technology, and Yajin Zhou from the Zhejiang University CVE-2021-39796
Yu-Cheng Lin (林禹成) (@AndroBugs) and hluwa CVE-2021-39794
John Tsai of Google CVE-2021-39812
Le Wu of Baidu Security CVE-2021-35100
Le Wu(吴乐) of Baidu Security CVE-2021-39800, CVE-2021-39801
Lei Ai(艾磊) and Xianfeng Lu(卢先锋) of OPPO Amber Security Lab CVE-2021-39805, CVE-2021-39807
lovepink CVE-2021-39798
Makoto Onuki of Google CVE-2021-0694
Michał Bednarski (michalbednarski) CVE-2021-39797, CVE-2021-39799
Pierre-Yves Marche from Orange Security team CVE-2022-20081
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-39809

March

Researchers CVEs
7h0r CVE-2021-39709
Aman Pandey of bugsmirror CVE-2021-39701, CVE-2021-39704
Android Security Assurance RedTeam of Google CVE-2021-39726
Bo Zhang (张波) and Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2021-39707
Bo Zhang (张波) of Bytedance Wuheng Lab CVE-2021-39697
Bodong Zhao from Tsinghua University CVE-2021-39717
Elijah Bowman of Accenture CVE-2021-39703
Eugene Rodionov of Google CVE-2021-39792
Fabien Lheureux CVE-2021-39729
jiayy CVE-2021-35088
jiayy CVE-2021-35103, CVE-2021-35106, CVE-2021-35117
gzobqq@gmail.com CVE-2021-39698
Hang Zhang,Zhiyun Qian from UC Riverside CVE-2021-30299
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Beijing University of Posts and Telecommunications, and Yajin Zhou from the Zhejiang University CVE-2021-39692, CVE-2021-39702
Huinian Yang (@vmth6) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2022-20047, CVE-2022-20048
Jann Horn of Google Project Zero CVE-2021-39686
Jiakai Zhang of Google CVE-2021-39689
Jun Yao (姚俊) (⁠@freeman) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2021-39725, CVE-2021-39735
Le Wu(吴乐) of Baidu Security CVE-2021-39714
Lucian and Sheep of OPPO Amber Security Lab CVE-2021-39706
Man Yue Mo of GitHub Security Lab CVE-2021-35105
Matt Oh of Google CVE-2021-39727
Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google CVE-2021-39711, CVE-2021-39721
Mitch Phillips using HWASan CVE-2021-39722
Peter Park (peterpark) CVE-2021-30331, CVE-2021-30333
Qidan He (@flanker_hqd) CVE-2021-39734
Rui Li and Wenrui Diao, Shandong University CVE-2021-39695
Sam Schumacher of Google CVE-2021-39710
SHIHAB P M CVE-2021-0957
Sithi CVE-2021-39690
Soonil Nagarkar of Google CVE-2021-39693
Szymon Heidrich CVE-2021-39685
Vahan Aslanyan CVE-2021-39694
Will Coster of Google CVE-2021-39718, CVE-2021-39731
Xiling Gong of Google CVE-2021-39737
Xuan Xing of Google CVE-2021-39720, CVE-2021-39723
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-39708

February

Researchers CVEs
Alexander Yukhanov of Google CVE-2021-39777
Aman Pandey of bugsmirror CVE-2021-39743, CVE-2021-39744, CVE-2021-39745, CVE-2021-39747, CVE-2021-39751, CVE-2021-39754, CVE-2021-39755, CVE-2021-39756, CVE-2021-39760, CVE-2021-39761, CVE-2021-39766, CVE-2021-39769, CVE-2021-39770, CVE-2021-39773, CVE-2021-39778, CVE-2021-39779, CVE-2021-39781, CVE-2021-39782, CVE-2021-39788, CVE-2021-39791
Amit Nama CVE-2021-39786
Corbin Souffrant with Leviathan Security Group CVE-2021-39741
h0rd7 CVE-2021-39764
Hao Ke (柯昊) of Google Android Malware Research CVE-2021-1000, CVE-2021-1033
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang from the Beijing University of Posts and Telecommunications, and Yajin Zhou from the Zhejiang University CVE-2021-39789
Jann Horn of Google Project Zero CVE-2021-39767, CVE-2022-20002
Lucian and Sheep of OPPO Amber Security Lab CVE-2022-42544, CVE-2021-39780
Lucian of OPPO Amber Security Lab CVE-2021-39750, CVE-2021-39752, CVE-2021-39753
Michał Bednarski (michalbednarski) CVE-2021-39749
Rayhan Akhter CVE-2021-39776
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2021-25393
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2021-39763
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2021-39772
Xianfeng Lu(卢先锋) and Yu Qin(秦彧) of OPPO Amber Security Lab CVE-2021-39768
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-39739, CVE-2021-39775, CVE-2021-39784
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-39774
Researchers CVEs
Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2021-39635
Aman Pandey of bugsmirror CVE-2021-0524
Amit Nama of Google using Realtime Stability Insights (RTSI) CVE-2021-39687
Bodong Zhao of NISL Lab, Tsinghua University CVE-2021-30324, CVE-2021-30325
Dongxiang Ke(柯懂湘) and Lewei Qu(曲乐炜) and Han Yan(闫晗) of Baidu AIoT Security Team CVE-2022-20025, CVE-2022-20026, CVE-2022-20027, CVE-2022-20028
Dzmitry Lukyanenka CVE-2021-39663
jiayy CVE-2021-35069
Hongli Han(@hexb1n) and Guang Gong(@oldfresher) of Vulnerability Research Institute CVE-2021-39666
Jooyung Han of Google CVE-2021-39671
Kris Alder of Google CVE-2020-13112, CVE-2020-13113
Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2021-39616, CVE-2021-39658
Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google CVE-2021-39688
Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs CVE-2021-39674
Nolen Johnson, Hardware Security Consultant, DirectDefense CVE-2021-39672
Peter Park (peterpark) CVE-2021-30317, CVE-2021-30322, CVE-2021-30323
Pustam Raut (पुस्तम राउत) from Sarlahi & IISc/RIT/NMC CVE-2021-39631
Ryan Johnson and Mohamed Elsabagh of Kryptowire CVE-2021-0706
Seonung Jang (@IFdLRx4At1WFm74) of STEALIEN CVE-2021-35077
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2021-39669
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-39665, CVE-2021-39676

January

Researchers CVEs
Aman Pandey of bugsmirror CVE-2021-0643
Amit Nama of Google using Realtime Stability Insights (RTSI) CVE-2021-39620, CVE-2021-39679
Atharav R. Hedage and Om Suryakant Koli CVE-2021-39628
Dongsong Yu CVE-2021-30319
Dzmitry Lukyanenka CVE-2021-0846
Eugene Rodionov of Google CVE-2021-39684
h0rd7 CVE-2021-39625
Huinian Yang (@vmth6) and Qingyu Li (QQQ) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2021-39623
Jann Horn of Google Project Zero CVE-2021-0959
Kyungtae Kim CVE-2021-30313
Lewei Qu(曲乐炜) and Dongxiang Ke(柯懂湘) of Baidu AIoT Security Team CVE-2021-1049
Max Spector of spector.tech, Kenneth Kang of Google, Huizi Yang of Google, Dmitry Vyukov of Google CVE-2021-39682
Peter Park (peterpark) CVE-2021-30308, CVE-2021-30311
Sam Schumacher of Google CVE-2021-39632, CVE-2021-39678
Syed Rafiul Hussain, Pennsylvania State University; Imtiaz Karim, Purdue University; Abdullah Al Ishtiaq, Pennsylvania State University; Omar Chowdhury, The University of Iowa; Elisa Bertino, Purdue University CVE-2021-40148
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2021-1035
Vikram Singh CVE-2021-39622
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-1036, CVE-2021-1037, CVE-2021-39626
吴宪林(Xianlin Wu) from OPPO Amber Security Lab and 卢昌鑫(Changxin Lu) from Tencent Keen Security Lab CVE-2021-30314

Additional contributions

We would also like to acknowledge the contributions of the following individuals to Android security:

2021

Android 12 security notes

Researchers CVEs
7h0r CVE-2021-0789
Aman Pandey of bugsmirror CVE-2021-0711, CVE-2021-0712, CVE-2021-0715, CVE-2021-0717, CVE-2021-0718, CVE-2021-0721, CVE-2021-0724, CVE-2021-0725, CVE-2021-0726, CVE-2021-0728, CVE-2021-0729, CVE-2021-0731, CVE-2021-0732, CVE-2021-0733, CVE-2021-0736, CVE-2021-0737, CVE-2021-0738, CVE-2021-0742, CVE-2021-0746, CVE-2021-0747, CVE-2021-0751, CVE-2021-0752, CVE-2021-0754, CVE-2021-0755, CVE-2021-0756, CVE-2021-0757, CVE-2021-0760, CVE-2021-0761, CVE-2021-0763, CVE-2021-0764, CVE-2021-0765, CVE-2021-0768, CVE-2021-0770, CVE-2021-0771, CVE-2021-0772, CVE-2021-0780, CVE-2021-0781, CVE-2021-0783, CVE-2021-0784, CVE-2021-0792, CVE-2021-0800, CVE-2021-0801, CVE-2021-0803, CVE-2021-0806, CVE-2021-0807, CVE-2021-0812, CVE-2021-0823, CVE-2021-0827, CVE-2021-0831, CVE-2021-0832, CVE-2021-0834, CVE-2021-0851, CVE-2021-0866, CVE-2022-20211
Andrew Scull of Google CVE-2021-0720
Android Security Red Team CVE-2021-0817, CVE-2021-0819
Chaoyuan Peng (@ret2happy) CVE-2021-0791, CVE-2021-0795, CVE-2021-0796, CVE-2021-0797, CVE-2021-0798, CVE-2021-0804, CVE-2021-0808, CVE-2021-0809, CVE-2021-0810, CVE-2021-0811, CVE-2021-0886
Cheonho Park of Google CVE-2021-0727
Chong Wang (王冲) CVE-2021-0818
Cusas of L.O. Team CVE-2021-0822, CVE-2021-0824
David Zeuthen of Google CVE-2021-0890
Dmitri Plotnikov of Google CVE-2021-0719
Dmitry Valter CVE-2021-0858
Dongwon Kang of Google CVE-2021-0857
Edward Cunningham of Google CVE-2021-0853
excalibursec59@gmail.com of topsec(蒋钟庆) CVE-2021-0847
jiayy CVE-2021-0844
Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology CVE-2021-0845
Hao Ke (柯昊) of Google Android Malware Research CVE-2021-0709, CVE-2021-0710, CVE-2021-0723, CVE-2021-0762, CVE-2021-0868
hard_______ CVE-2021-0785, CVE-2021-0828, CVE-2021-0837
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0767, CVE-2021-0855
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2021-0865
HuiSu Jeon of Financial Security Institute CVE-2021-0826
Jayant Chowdhary of Google CVE-2021-0774
Joao Lucas Melo Brasio from Elytron Security CVE-2019-9428
JulIen Thomas (@Julien_Thomas) CVE-2021-0856
Kirill Romanovskiy, cyril@yandex-team.ru/romanovskiy.k@gmail.com CVE-2021-0862
Lauren Winston of Google CVE-2021-0722
Lucian of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd CVE-2021-0867
Luowen Qian of Boston University (https://cs-people.bu.edu/luowenq/) CVE-2021-0980
Marcin Mikosik CVE-2021-0863
Matthew Daley CVE-2021-0949
Michael Ensing of Leviathan Security CVE-2021-0838, CVE-2021-0840, CVE-2021-0841
Michael Groover of Google CVE-2021-0716
Michał Bednarski (michalbednarski) CVE-2021-0748, CVE-2021-0749, CVE-2021-0750
Mitch Phillips using GWP-ASan CVE-2021-0850
Nate(Qiang) Jiang of Google CVE-2021-0753
Ned Williamson of Google Project Zero CVE-2021-0802
Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs CVE-2021-0950
Nikita Kurtin CVE-2021-0864
Niky1235 (@jiych_guru) CVE-2020-0127
Ricky Wai of Google CVE-2021-0849
Sam Schumacher of Google using HWASan CVE-2021-0766
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2021-0788
The Magnificent Steven Moreland of Google CVE-2021-0775, CVE-2021-0852, CVE-2021-0861
Winson Chiu of Google CVE-2021-0440
Wyatt Riley of Google CVE-2021-0743
Xianfeng Lu(卢先锋) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2021-0842
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0778, CVE-2021-0782, CVE-2021-0786, CVE-2021-0790, CVE-2021-0825
Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure CVE-2021-0843
Zinuo Han (weibo.com/ele7enxxh) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2021-0713, CVE-2021-0714
Zongheng Wang and Jack He of Google CVE-2021-0816
Łukasz Siewierski of Google CVE-2021-0860

December

Researchers CVEs
360 Alpha Lab CVE-2021-30335, CVE-2021-30337
Aman Pandey of bugsmirror CVE-2021-0978, CVE-2021-0979, CVE-2021-0982, CVE-2021-0984, CVE-2021-0986, CVE-2021-0987, CVE-2021-0989, CVE-2021-0990, CVE-2021-0994, CVE-2021-0995, CVE-2021-1003, CVE-2021-1004, CVE-2021-1005, CVE-2021-1009, CVE-2021-1010, CVE-2021-1011, CVE-2021-1012, CVE-2021-1013, CVE-2021-1014, CVE-2021-1015, CVE-2021-1017, CVE-2021-1018, CVE-2021-1019, CVE-2021-1020, CVE-2021-1021, CVE-2021-1023, CVE-2021-1025, CVE-2021-1026, CVE-2021-1030, CVE-2021-1031, CVE-2021-1032, CVE-2021-1034
Bodong Zhao from Tsinghua University CVE-2021-30298
Chaoyuan Peng (@ret2happy) CVE-2021-0996, CVE-2021-1016, CVE-2021-1022
Chris Fries of Google CVE-2021-39639
d414d4 (d414d4@gmail.com) CVE-2021-39649, CVE-2021-39656, CVE-2021-39657
Edward Cunningham of Google CVE-2021-0704, CVE-2021-0988
Eugene Rodionov of Google CVE-2021-39643, CVE-2021-39647, CVE-2021-39648
flawedworld and CreepNT CVE-2021-39653
Ian Thompson of Green Hills Software CVE-2021-0904
Jann Horn of Google Project Zero CVE-2021-0966
Jay Lv (@evilpan) of AntGroup TianQiong Security Lab CVE-2021-1007
Keuntae Shin CVE-2021-1008
Marcin Glinski CVE-2021-39652
Max Spector of Google CVE-2021-1046, CVE-2021-39638, CVE-2021-39642, CVE-2021-39655
Mitch Phillips using GWP-ASan CVE-2021-0955
MyTyrannosaurusBuddy CVE-2021-0970
Netanel Ben Simon and Slava Makkaveev of Check Point Software Technologies Ltd. CVE-2021-0675, CVE-2021-30351
Nguyễn Hoàng Thạch (d4rkn3ss) of STAR Labs CVE-2021-0956, CVE-2021-0977
Peter Park (peterpark) CVE-2021-30267, CVE-2021-30268, CVE-2021-30289
QQQ of OPPO Amber Security Lab CVE-2021-39650
Sithi CVE-2021-0952
Sulthan Alaudeen (@parallel_beings) CVE-2021-39640, CVE-2021-39651
The UK's National Cyber Security Centre (NCSC) CVE-2021-0961
Tianyi Hu (胡天易) of Bytedance Wuheng Lab CVE-2021-0963
Tri Vo of Google CVE-2021-39637
Vijay Prakash and Ruian Duan, Palo Alto Networks Inc CVE-2021-0968
Xianfeng Lu (卢先锋) and Lei Ai (艾磊) of OPPO Amber Security Lab CVE-2021-0999
Xuan Xing of Google CVE-2021-39641, CVE-2021-39644, CVE-2021-39645, CVE-2021-39646
Yong Wang (王勇) (@ThomasKing2014) of Alibaba Security CVE-2021-39636
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0965, CVE-2021-0991, CVE-2021-1006, CVE-2021-1038, CVE-2021-1039, CVE-2021-1040
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-1027, CVE-2021-1028, CVE-2021-1029

November

Researchers CVEs
Aman Pandey of bugsmirror CVE-2021-0649
Android Security Red Team CVE-2021-0925
Bodong Zhao from Tsinghua University CVE-2021-30265
Chaoyuan Peng (@ret2happy) CVE-2021-0930
Christophe Devine, ANSSI CVE-2021-0434
Clément Lecigne and Christian Resell from Google's Threat Analysis Group CVE-2021-1048
d414d4 (d414d4@gmail.com) CVE-2021-1042
Eugene Rodionov of Google CVE-2021-1044
Hongjian Cao of Ant Security Frontage Lab CVE-2021-1903
Khouloud Mansouri of Google CVE-2021-0922
Le Wu(吴乐) of Baidu Security CVE-2021-0929
Makoto Onuki of Google CVE-2021-0799
Matt Oh of Google CVE-2021-1045
Maxime Rossi Bellom, Philippe Teuwen, and Damiano Melotti of Quarkslab CVE-2021-1043
Michał Bednarski (michalbednarski) CVE-2021-0928
Peter Park (peterpark) CVE-2021-1973, CVE-2021-1979, CVE-2021-30254, CVE-2021-30255
Xianfeng Lu(卢先锋) and Lei Ai(艾磊) of OPPO Amber Security Lab CVE-2021-0918
Xianlin Wu(吴宪林) of OPPO Amber Security Lab CVE-2021-0923
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0926, CVE-2021-0932
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0653
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2021-0921

October

Researchers CVEs
Andy Nguyen of Google CVE-2021-22555
anupritaisno1 CVE-2021-0703
Arvind Sankar CVE-2021-0938
Chong Wang (王冲) (csddl147@gmail.com) CVE-2021-1966
d414d4@gmail.com CVE-2021-0935
Edward Cunningham of Google CVE-2021-0708
Efthimios Alepis and Constantinos Patsakis, Department of Informatics, University of Piraeus, Greece CVE-2021-0651
jiayy CVE-2021-1977
Hao Chen (@flankersky) and Guang Gong (@oldfresher) of 360 Alpha Lab CVE-2021-1980
Hongjian Cao of ANT Security Frontage Lab CVE-2021-30310
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0483
Kyungtae Kim CVE-2021-0936
Man Yue Mo of GitHub Security Lab CVE-2021-1968, CVE-2021-1969
Mathy Vanhoef CVE-2020-11264, CVE-2020-11301, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2021-30302, CVE-2021-30312
Max Spector, Dmitry Vyukov CVE-2021-0941
Maxime Rossi Bellom of Quarkslab CVE-2021-0939
Ned Williamson of Google Project Zero CVE-2021-0870
Peter Park (peterpark) CVE-2021-1959, CVE-2021-30288
QQQ of OPPO Amber Security Lab CVE-2021-0940
Rayhan Akhter of Google using Realtime Stability Insights (RTSI) CVE-2021-0652
Thomas Sutter (Me7e0r) CVE-2021-0705
Tim Treese of Google CVE-2021-0702
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0583
Zhenxiong Wu of OPPO ZIWU Cyber Security Lab CVE-2021-1967

September

Researchers CVEs
360 Alpha Lab CVE-2021-1963
Aman Pandey of bugsmirror CVE-2021-0686
Bernardo Rufino of Google CVE-2021-0693
Anonymous CVE-2021-0682
Qidan He (@flanker_hqd) of Dawn Security Lab, JD.com CVE-2021-0691
Fei Zhang, Tan Liu, and Qiyuan Tong of ZTE Cybersecurity Lab CVE-2021-1971, CVE-2021-1974
jiayy CVE-2021-1941, CVE-2021-1948
Hao Ke (柯昊) of Google Android Malware Research CVE-2021-0683
Harsh Tyagi CVE-2021-0595
Le Wu (吴乐) of Baidu Security CVE-2021-0635, CVE-2021-0636
Leon Scroggins III of Google CVE-2021-0689
Michał Bednarski (michalbednarski) CVE-2021-0685
Mitch Phillips using HWASan CVE-2021-0869
Nathan Harold of Google CVE-2021-0644
Pratheesh P Narayanan CVE-2021-0687
Ragini Angarkar (ragini.angarkar@gmail.com) CVE-2021-0688
Siarhei Vishniakou of Google CVE-2021-0684
Tamir Zahavi-Brunner CVE-2021-1961
WuHeng Lab of Bytedance CVE-2021-0428
Xianlin Wu(吴宪林) of OPPO Amber Security Lab CVE-2021-0681
Xingyu Jin of Google CVE-2021-30295, CVE-2021-0695
Yanfeng Wang (bigwyfone@gmail.com) of 360 Alpha Lab. CVE-2021-1962
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0598, CVE-2021-0692

August

Researchers CVEs
Aman Pandey of bugsmirror CVE-2021-0641
Ben Hawkes and Jann Horn of Google Project Zero CVE-2021-1904
Yu-Cheng Lin (林禹成) (@AndroBugs) and En He of OPPO ZIWU Security Lab CVE-2021-0591, CVE-2021-0593
Google OSS-Fuzz CVE-2021-1972
gzobqq@gmail.com CVE-2021-3347
Haikuo Xie of Singular Security Lab CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582
Jann Horn from Google Project Zero CVE-2021-1947
KryptoWire CVE-2021-1929
Le Wu (吴乐) of Baidu Security CVE-2021-0573, CVE-2021-0574, CVE-2021-0576
Matthew Daley CVE-2021-0645
Mohamed Sabt of the University of Rennes, CNRS, IRISA and Gwendal Patat CVE-2021-0639
Nan Wang (@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 CVE-2021-0646
Neo Ma of Trend Micro Mobile security research working with Trend Micro Zero Day Initiative CVE-2021-0640
Peter Park (peterpark) CVE-2021-30260
tomz.ppmm@gmail.com CVE-2021-0584
xbq CVE-2021-30261

July

Researchers CVEs
Calum Hutton (Perspective Risk) CVE-2020-0368
Chaoyuan Peng CVE-2021-0589, CVE-2021-0596
Dawn Security Lab, JD.com CVE-2021-0515
Dennis Kugelmann CVE-2021-0654
Devin Moore of Google CVE-2021-0585
jiayy CVE-2021-1897, CVE-2021-1899, CVE-2021-1901, CVE-2021-1943, CVE-2021-1945, CVE-2021-1954, CVE-2021-1964
Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2021-0514
Güliz Seray Tuncay of Google CVE-2021-0486
Haikuo Xie of Singular Security Lab CVE-2021-1938, CVE-2021-1953, CVE-2021-1955
Hao Chen (@flankersky) and Guang Gong (@oldfresher) of 360 Alpha Lab CVE-2021-1965, CVE-2021-1970
hard_______ CVE-2020-0417
Le Wu (吴乐) of Baidu Security CVE-2021-0577
Man Yue Mo <mmo@semmle.com> CVE-2021-1940
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2021-0600
Steven Moreland of Google CVE-2021-0587
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0586, CVE-2021-0588, CVE-2021-0590, CVE-2021-0597, CVE-2021-0599, CVE-2021-0603
Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure CVE-2021-0602

June

Researchers CVEs
Aman Pandey of bugsmirror CVE-2021-0478, CVE-2021-0513
Android Security Red Team CVE-2021-0512
Anonymous CVE-2021-0554
Calin Juravle of Google CVE-2021-0511
Chaoyuan Peng CVE-2021-0507, CVE-2021-0555, CVE-2021-0557
Chong Wang (王冲) CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520, CVE-2021-0564
Dzmitry Lukyanenka CVE-2021-0608
En He of OPPO ZIWU Security Lab CVE-2021-0536
jiayy CVE-2021-0540, CVE-2021-0541, CVE-2021-0543, CVE-2021-0544, CVE-2021-0545, CVE-2021-0546
Gengjia Chen ( @chengjia4574 ) and Chaoyuan Peng CVE-2021-0504
GWP-ASan CVE-2021-0522, CVE-2021-0565
Hai Zhang of Google CVE-2021-0571
Haikuo Xie of Singular Security Lab CVE-2021-1925, CVE-2021-1937
Hang Zhang & Zhiyun Qian (UC Riverside) CVE-2021-0607
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2021-0605
hard_______ CVE-2021-0542, CVE-2021-0569
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0566
Le Wu (吴乐) of Baidu Security CVE-2021-0525, CVE-2021-0526, CVE-2021-0527, CVE-2021-0528, CVE-2021-0529, CVE-2021-0530, CVE-2021-0531, CVE-2021-0532, CVE-2021-0533
Matt Domenici of Google CVE-2021-0517
Neo Ma and Jesse Chang of Trend Micro working with Trend Micro’s Zero Day Initiative CVE-2021-0535
Pratheesh P. Narayanan CVE-2021-0551
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2020-11304
Seigo Nonaka of Google CVE-2021-0567
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2021-0550
Slava Makkaveev Of Checkpoint CVE-2020-11292
Tao Sauvage of IOActive CVE-2021-0548
Will Coster of Google CVE-2020-1971
Xia Guangshuai & Zhang Qing of ByteDance, Bai Guangdong of The University of Queensland / 字节跳动的夏光帅和张清,昆士兰大学的白光冬 CVE-2021-0521
Yanfeng Wang of 360 Alpha Lab working with 360 BugCloud CVE-2021-0606
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0506, CVE-2021-0534, CVE-2021-0547, CVE-2021-0549, CVE-2021-0568

May

Researchers CVEs
360 Alpha Lab CVE-2021-1927
Andrey Tsaplin of Resonance Software CVE-2019-2219
Bram Bonné of Google CVE-2021-0466
Dimitrios Valsamaras (Linkedin) of Cognizant CVE-2021-0485
Edward Cunningham of Google CVE-2021-0472
Evgenii Stepanov of Google CVE-2020-11295, CVE-2020-11295
Frédéric Basse CVE-2021-0467
GWP-ASan CVE-2021-0476
Güliz Seray Tuncay of Google CVE-2021-0486
hard_______ CVE-2021-0487
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0482
Le Wu (吴乐) of Baidu Security CVE-2021-0489, CVE-2021-0490, CVE-2021-0491, CVE-2021-0492, CVE-2021-0493, CVE-2021-0494, CVE-2021-0495, CVE-2021-0496, CVE-2021-0497, CVE-2021-0498
Łukasz Siewierski of Google CVE-2021-0324
Ned Williamson of Google Project Zero CVE-2021-0473
Peter Park (peterpark) CVE-2021-1915
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2020-11293, CVE-2020-11293
Song Hu (胡松), Jiawei Qin (秦佳伟) of System Security Center of the State Key Laboratory of Network and Switching Technology, Beijing University of Posts and Telecommunications(北京邮电大学网络与交换技术国家重点实验室) and Tengfei Tu(涂腾飞) of Zhongshi Ruian Beijing Network Technology Co., Ltd (中时瑞安(北京)网络科技有限责任公司) CVE-2021-0484
Wenwen Wang and Fei of L.O. Team CVE-2021-0475
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0480

April

Researchers CVEs
Chong Wang (王冲) CVE-2021-0436, CVE-2021-0437, CVE-2021-0471
Cusas of L.O. Team CVE-2021-0431, CVE-2021-0435
Elliott Brooks CVE-2021-0443
GWP-ASan CVE-2021-0429, CVE-2021-0432
Ned Williamson of Google Project Zero CVE-2021-0430
Rob Carr of Google CVE-2021-0438
Sergey Toshin (@bagipro) of Oversecured Inc. CVE-2021-0444
Soonil Nagarkar of Google CVE-2021-0400
Weiteng Chen (wchen130@ucr.edu) CVE-2020-11231
Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd CVE-2021-0426, CVE-2021-0427
Mingming Wang (汪明明) CVE-2021-0442

March

Researchers CVEs
18be2a6c CVE-2021-0449, CVE-2021-0450, CVE-2021-0451, CVE-2021-0452, CVE-2021-0453, CVE-2021-0454, CVE-2021-0455, CVE-2021-0456
360 Alpha Lab CVE-2020-11290
7h0r CVE-2021-0391
Alvin Abdagic of Google CVE-2021-0369
Aman Pandey of bugsmirror CVE-2021-0389
Andr. Ess CVE-2020-0025
Android Security Red Team CVE-2021-0371
Arash Tohidi (h4ul4) CVE-2020-11194, CVE-2020-11195
Ben Hutchings of Codethink Ltd CVE-2020-11230
Bodong Zhao from Tsinghua University CVE-2021-0461
Dharmeshkumar Mokani of Google CVE-2021-0375
Fei, Wenwen Wang, and Cusas of L.O.Team CVE-2021-0397
jiayy CVE-2021-0370, CVE-2020-11308
GWP-ASan CVE-2021-0464
hhjack (hhj4ck) CVE-2020-11199
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0387, CVE-2021-0392, CVE-2021-0395
Jeff Sharkey of Google CVE-2021-0376
Jesse Chang and Jack Tang of Trend Micro working with Trend Micro's Zero Day Initiative CVE-2021-0457, CVE-2021-0458, CVE-2021-0459, CVE-2021-0460
Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-11309
Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent CVE-2021-0383, CVE-2021-0388
Michał Bednarski (michalbednarski) CVE-2021-0382, CVE-2021-0398
Mitch Phillips using HWASan/GWP-ASan CVE-2021-0465, CVE-2021-0463
Qidan He (@flanker_hqd" CVE-2021-0393
Roshan Pius of Google CVE-2021-0390
Steven Moreland of Google CVE-2021-0394
Wen Guanxing from Pangu LAB CVE-2020-3664
Will Coster of Google CVE-2021-0377
Xianfeng Lu (卢先锋) and Wu Chen (陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2021-0374
Xianfeng Lu (卢先锋) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2021-0385
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2021-0380

February

Researchers CVEs
7h0r CVE-2021-0333
Bernardo Rufino of Google CVE-2021-0302, CVE-2021-0305
Chong Zhang of Android Media Team CVE-2021-0340
Domien Schepers CVE-2020-11270, CVE-2020-11280, CVE-2020-11281, CVE-2020-11287
Edward Cunningham of Google CVE-2021-0339
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2021-0329, CVE-2021-0330, CVE-2021-0332
Jeyasri. A (LinkedIn, @Jeyasri001, @jeyasri__001) and mr.karthikeyan (LinkedIn) CVE-2021-0334
Man Yue Mo of GitHub Security Lab CVE-2020-11282
Manthi Le of Infosys at Google CVE-2021-0335
Matthew Daley CVE-2021-0337
Michał Bednarski (michalbednarski) CVE-2021-0327
OSS-Fuzz and Jouni Malinen, Qualcomm CVE-2021-0326
Raymond Wang CVE-2021-0338
Sulthan Alaudeen (@parallel_beings) CVE-2020-11286
Vincent Toubiana CVE-2021-0328
Will Coster of Google CVE-2020-11203
Yuri Schimke of Google CVE-2021-0341

January

Researchers CVEs
7h0r CVE-2021-0315
Aman Pandey of bugsmirror CVE-2021-0319
Anthony Steinhauser of Google CVE-2020-10767
excalibursec59@gmail.com of topsec (蒋钟庆) CVE-2016-6328
jiayy CVE-2021-0316
Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology CVE-2021-0321
Hasini Gunasinghe of Google CVE-2021-0320
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-11161, CVE-2021-0310, CVE-2021-0318
Jazzy (@ret2jazzy) of Google CVE-2021-0308
Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-11160
Konstantin Milev CVE-2021-0313
Le Wu (吴乐) of Baidu Security CVE-2021-0301
Man Yue Mo of GitHub Security Lab CVE-2020-11239, CVE-2020-11261
Marco Nelissen of Google CVE-2021-0311
Matthew Daley CVE-2021-0309
Nathaniel Theis of IOActive security consultant CVE-2020-0471
Rui Li and Wenrui Diao, Shandong University CVE-2021-0307, CVE-2021-0317
Sergei Glazunov of Google Project Zero CVE-2020-15999
syzkaller, kernel fuzzer CVE-2021-0342
Wenrui Diao & Rui Li, Shandong University CVE-2021-0306
Xianbo Wang (@sanebow) of MobiTec, The Chinese University of Hong Kong CVE-2020-27059
Xiaodong Wang CVE-2020-11250
Zhaoming Yin of Google CVE-2021-0303

2020

Android 11 security notes

Researchers CVEs
A.V. Flox and Yonatan Zunger CVE-2020-0286
Alexandru Bogdan Geana CVE-2020-0369
Andrea Possemato of IDEMIA CVE-2020-0317, CVE-2020-0327, CVE-2020-0343, CVE-2020-0372
Android Security Red Team CVE-2020-0281, CVE-2020-0300, CVE-2020-0319, CVE-2020-0325, CVE-2020-0326, CVE-2020-0334, CVE-2020-0350
Bruce Chen of Google CVE-2020-0365
Calum Hutton (Perspective Risk) CVE-2020-0352
jiayy CVE-2020-0335, CVE-2020-0348, CVE-2020-0349
Chi Zhang and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud (https://bugcloud.360.cn/) CVE-2020-0341, CVE-2020-0354
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2020-0264, CVE-2020-0322, CVE-2020-0323
Cusas @ L.O. Team CVE-2020-0266, CVE-2020-0301, CVE-2020-0320, CVE-2020-0332, CVE-2020-0351, CVE-2020-0353 CVE-2020-0362
Cyrille Chatras of Orange Labs CVE-2020-0130
Dai of L.O. Team CVE-2020-0287
Daoyuan Wu of The Chinese University of Hong Kong CVE-2020-0308, CVE-2020-0374
Edward Cunningham of Google CVE-2020-0263, CVE-2020-0275, CVE-2020-0313, CVE-2020-0426
En He of OPPO ZIWU Cyber Security Lab CVE-2020-0331, CVE-2020-0405
Gerald Palfinger, A-SIT Secure Information Technology Center Austria / Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology CVE-2021-0846
Evgenii Stepanov of Google CVE-2020-0268, CVE-2020-0330
Hamzeh Zawawy of Google CVE-2020-0291
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2020-0282
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud (https://bugcloud.360.cn/) CVE-2020-0273, CVE-2020-0357, CVE-2020-0358
Ilja van Sprundel of IOActive CVE-2020-0328
Jeff Vander Stoep of Google CVE-2020-0293
Joshua Steiner CVE-2020-0366
Kostya Serebryany of Google using libFuzzer and AddressSanitizer CVE-2020-0279
Lorne Laliberte (mailto:lorne.laliberte@gmail.com, @creativekind) CVE-2020-0333
Matthew Daley CVE-2020-0265, CVE-2020-0277, CVE-2020-0288, CVE-2020-0289, CVE-2020-0290, CVE-2020-0298, CVE-2020-0299, CVE-2020-0360
Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent CVE-2020-0276, CVE-2020-0284, CVE-2020-0285, CVE-2020-0314, CVE-2020-0316, CVE-2020-0375
Michal Bednarski (https://github.com/michalbednarski) CVE-2020-0344, CVE-2020-0345, CVE-2020-27097, CVE-2020-27098
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2020-0329
Niky(kittymore83@gmail.com) of China Mobile CVE-2019-8842
Pedro Umbelino, Security Researcher at Checkmarx CVE-2020-0089
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0272
Qilin Wang(王麒麟),Jiawei Qin(秦佳伟) of Gtensor Team, Cyber Security Center, State Key Laboratory of Network and Switching Technology, Beijing University of Posts and Telecommunications(北京邮电大学网络与交换技术国家重点实验室) and Tengfei Tu(涂腾飞) of Zhongshi Ruian Beijing Network Technology Co., Ltd (中时瑞安(北京)网络科技有限责任公司) CVE-2020-0363
Stephan Zeisberg of Security Research Labs CVE-2020-3898
tomz CVE-2020-0271
V.E.O. (@VYSEa) (一〇) of Ant Financial CVE-2020-0292
Will Coster of Google CVE-2020-0356
Xiaobo Xiang and Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd CVE-2020-0309, CVE-2020-0347, CVE-2020-0359
Yong Wang (王勇) (@ThomasKing2014) of Alibaba Security CVE-2020-0274
Yury Shabalin (@Mr_R1p), Evgeniy Blashko (@jd7drw) of Stingray LLC (https://stingray-mobile.ru/) CVE-2020-0267
Zinuo Han (weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2020-0125, CVE-2020-0303, CVE-2020-0324, CVE-2020-0336, CVE-2020-0346, CVE-2020-0364, CVE-2020-0370, CVE-2020-0373

December

Researchers CVEs
Abhay Kailasia, student of Lakshmi Narain College of Technology, Bhopal, MP, INDIA CVE-2020-0473,CVE-2020-0485
Alan Stokes of Google CVE-2020-27056
Aman Pandey CVE-2020-27054
Andr. Ess CVE-2020-0202
Andrii Kulian of Google CVE-2020-0440
Android Security Red Team CVE-2020-0465, CVE-2020-27031, CVE-2020-27033, CVE-2020-27043
Ben Hawkes CVE-2020-11179
Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2020-11183, CVE-2020-27036, CVE-2020-27037, CVE-2020-27040
d414d4 CVE-2020-27066, CVE-2020-27067
Daniel Jarai of Bartec Pixavi CVE-2020-27052
David Su of Google CVE-2020-0459, CVE-2020-27053
Edward Cunningham of Google CVE-2020-0294,CVE-2020-0464, CVE-2020-0500, CVE-2020-27041
excalibursec59@gmail.com of topsec (蒋钟庆) CVE-2020-0470, CVE-2020-0478
jiayy CVE-2020-27021,CVE-2020-27027, CVE-2020-27028
gzobqq@gmail.com CVE-2020-0466
Haikuo Xie of Huawei Security and Ying Wang of Baidu Security Lab CVE-2020-11225
Hamzeh Zawawy of Google CVE-2020-0244
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2020-0482,CVE-2020-0493, CVE-2020-0495, CVE-2020-0496, CVE-2020-11152
Hao Zhou, Xiapu Luo from the Hong Kong Polytechnique University, Haoyu Wang, Xiaoting Wang from the Beijing University of Posts and Telecommunications, Yajin Zhou from the Zhejiang University, and Yutian Tang from the Shanghai Tech University CVE-2020-27057
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0483, CVE-2020-0484, CVE-2020-11148, CVE-2020-27035
Hugo M. H. Hue of the Chinese University of Hong Kong (CUHK) CVE-2020-27055
Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-11146, CVE-2020-11149, CVE-2020-11150, CVE-2020-11151
Le Wu (吴乐) of Baidu Security CVE-2020-0455, CVE-2020-0456, CVE-2020-0457
Linus Tufvesson of Google CVE-2020-0475
Matthew Daley CVE-2020-0479, CVE-2020-0480, CVE-2020-0481, CVE-2020-0486, CVE-2020-0497, CVE-2020-27032
Maxim Pestryakov CVE-2020-0099
Michael Farrell of Google CVE-2020-27026
Nathan Harold of Google CVE-2020-0460, CVE-2020-0468
Paul Ngo CVE-2020-0467
Pengfei Ding (丁鹏飞) of Huawei and Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2020-27068
Phil Burk of Google CVE-2020-0458
Pierre-Hugues Husson CVE-2020-0016, CVE-2020-0019
Pratheesh P. Narayanan CVE-2020-27029
Rubin Xu of Google CVE-2020-0469
Stephen Crane of Immunant CVE-2020-27044
syzkaller, kernel fuzzer CVE-2020-0444
Tao Sauvage of IOActive CVE-2020-27045, CVE-2020-27046, CVE-2020-27047, CVE-2020-27048, CVE-2020-27049, CVE-2020-27050, CVE-2020-27051
Titan of MS509Team CVE-2020-27034, CVE-2020-27039
Wenwen Wang and Fei of L.O. Team CVE-2020-0463
Will Coster of Google CVE-2020-27023, CVE-2020-27025
Xianfeng Lu (卢先锋) and Wu Chen (陈武) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2020-27024
Xiaobo Xiang and Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd CVE-2020-0489
Xuan Xing of Google CVE-2020-0280
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2020-0477, CVE-2020-27030
Zhaoming Yin of Google CVE-2020-0474

November

Researchers CVEs
Alwen Tiu of The Australian National University and Jim Mussared of George Robotics CVE-2020-12856
Aman Pandey CVE-2020-0448
Anonymous CVE-2020-0437, CVE-2020-11123
Dylan Katz of Leviathan Security CVE-2020-0409
Joel Reardon, University of Calgary and AppCensus, Inc. CVE-2020-0454
Ned Williamson and Hua Sun of Google CVE-2020-0424
Pratheesh P. Narayanan CVE-2020-0441, CVE-2020-0442
Qi Zhao and Guang Gong 360 Alpha Lab working with 360 BugCloud CVE-2020-11132
Sithi CVE-2020-0443
Stephen Crane CVE-2020-0438
Tao Sauvage of IOActive CVE-2020-0450
Wei Liu (刘炜) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) CVE-2020-0452
Wenke Dou and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-11121, CVE-2020-11130
Wenrui Diao and Rui Li of Shandong University CVE-2020-0418
Winson Chiu of Google CVE-2020-0439
XUEN LI (@lxe524) and Le Wu (吴乐) of Baidu Security CVE-2020-0445, CVE-2020-0446
Yang Xiao (@VARAS_IIE) CVE-2020-11131

October

Researchers CVEs
Bernardo Rufino of Google CVE-2020-0416
Chong Wang (王冲) (csddl147@gmail.com) CVE-2020-0377, CVE-2020-0413
Dai of L.O. Team CVE-2020-0411
Dylan Katz of Leviathan Security CVE-2020-0408, CVE-2020-0421
Edward Cunningham of Google CVE-2020-0412, CVE-2020-0419
Francesco Durighetto of Bandyer CVE-2020-0414
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2020-0213
hard_______ CVE-2020-0422
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2194
Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-11173, CVE-2020-11174
Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang of Singapore University Technology and Design CVE-2020-3703, CVE-2020-3704
Matthew Daley CVE-2020-0246, CVE-2020-0378
Sergei Volokitin of Riscure CVE-2020-0283, CVE-2020-0339, CVE-2020-0367, CVE-2020-0371, CVE-2020-0376
Will Coster of Google CVE-2020-0410, CVE-2020-0415
Xiaodong Wang, Hongli Han, Peng Zhou and Guang Gong of 360 Alpha Lab working with 360 BugCloud CVE-2020-0423
Yiwei Zhang of Google CVE-2020-0420
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2020-0215

September

Researchers CVEs
derrek CVE-2019-10498
Abhijeet Kaur of Google CVE-2020-0382
Alain Iamburg of IO Active CVE-2020-0432
Anonymous CVE-2020-0393
Arash Tohidi (h4ul4) CVE-2019-14074
d414d4 (d414d4@gmail.com) CVE-2020-0430, CVE-2020-0433
Edward Cunningham of Google CVE-2020-0074, CVE-2020-0387
Elena Petrova of Google CVE-2020-0427
Eric Biggers of Google CVE-2020-0407
Evgenii Stepanov of Google CVE-2019-10518
Hamzeh Zawawy of Google CVE-2020-0380
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2020-0435
hard_______ CVE-2020-0388
Hayawardh Vijayakumar (vijayakuma@samsung.com) and Lee Harrison (lee.harrison@samsung.com) CVE-2020-3679
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0392
Ian Thompson of Green Hills Software CVE-2020-0278
@ickyphuz CVE-2019-2290
Jann Horn of Google Project Zero CVE-2020-0390
Manish Patel of Green Hills Software CVE-2020-0342
Matthew Daley CVE-2020-0401
Max Spector, Hamzeh Zawawy, Kris Alder, Christopher Cole, Jessica Lin, Dmitry Vyukov, Michael Specter, and Abhishek Arya of Google CVE-2020-0429
Mitch Phillips of Google CVE-2020-0434,
CVE-2020-3671
Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab CVE-2019-2284, CVE-2019-10564
RA Position at Cactilab (https://cactilab.github.io/) of University at Buffalo CVE-2020-0394
Ryan Johnson and Mohamed Elsabagh of Kryptowire CVE-2020-0391
Shuo Qian of Google CVE-2020-0396
Sourcell Xu of HatLab, DBAPP Security(安恒信息 海特实验室 的 徐井源) CVE-2020-0379
Tancy at Cactilab (https://cactilab.github.io/) of University at Buffalo CVE-2020-0386
@TimGMichaud of Leviathan Security Group CVE-2019-10521
Trend Micro CVE-2019-10519
Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd CVE-2020-0381, CVE-2020-0383, CVE-2020-0384, CVE-2020-0385
Yanfeng Wang of C0RE Team, Qihoo 360 Technology Co. Ltd. CVE-2020-3674

August

Researchers CVEs
aedla CVE-2020-11115, CVE-2020-11116, CVE-2020-11118
Dmitry Vyukov of Google CVE-2020-0255
Dor Avraham from Nexar CVE-2020-0108
Dzmitry Lukyanenka (https://www.linkedin.com/in/dzima) CVE-2020-0238
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0241, CVE-2020-0242, CVE-2020-0243
Jann Horn of Google Project Zero CVE-2020-0257, CVE-2020-0258
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 CVE-2020-3646, CVE-2020-3647
Matthew Daley CVE-2020-0239
Max Thomas CVE-2020-11128
Maxim Pestryakov CVE-2020-0099
Miao Hu and Yufei Liu of KeenLab (@keen_lab), Tencent (腾讯安全科恩实验室 的胡淼和刘宇飞) CVE-2020-0250
Pierre-Hugues Husson (@phhusson) of Softathome CVE-2020-0259
Ray Sukhoi CVE-2020-0240
Steven Moreland of Google CVE-2020-0261
Vasily Vasiliev CVE-2020-0256
Wu Le (吴乐) of Baidu Security CVE-2020-0251, CVE-2020-0252, CVE-2020-0253, CVE-2020-0254, CVE-2020-0260

July

Researchers CVEs
aedla CVE-2020-3698
Alan Stokes of Google CVE-2020-0122
Arash Tohidi (@h4ul4) CVE-2019-14101
chengjia4574@gmail.com CVE-2020-0225
Chi Zhang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-14037
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-14093
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0226
Ian Thompson of Green Hills Software CVE-2020-0231
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-14100
Matthew Daley CVE-2020-0107
Ray Sukhoi CVE-2020-0224
Ricky Wai of Google CVE-2020-0227

June

Researchers CVEs
Andr. Ess CVE-2020-0133
Andrea Possemato (@_pox_) of IDEMIA CVE-2020-0124, CVE-2020-0132, CVE-2020-0153, CVE-2020-0156, CVE-2020-0164, CVE-2020-0165, CVE-2020-0180, CVE-2020-0182, CVE-2020-0200, CVE-2020-0205, CVE-2020-0211,
Chi Zhang (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2020-0129
Chong Wang (王冲) (weibo.com/csddl) and Zhe jin (金哲) from cdsrc of Qihoo 360 Technology Co. Ltd. CVE-2020-0176, CVE-2020-0185
Cusas of L.O. Team CVE-2020-0088, CVE-2020-0128, CVE-2020-0131, CVE-2020-0160, CVE-2020-0161, CVE-2020-0162, CVE-2020-0163, CVE-2020-0170, CVE-2020-0171, CVE-2020-0172, CVE-2020-0173, CVE-2020-0174, CVE-2020-0175, CVE-2020-0177, CVE-2020-0219
Cyrille Chatras of Orange Labs CVE-2020-0199
Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-10501
Daulet Zhanguzin of Google CVE-2020-0187
Dave Burke of Google CVE-2020-0203
Emilian Peev of Google CVE-2020-0120
En He (何恩) (@heeeeen4x) of OPPO ZIWU Cyber Security Lab CVE-2020-0114
En He (@heeeeen4x) and Wenbo Chen of OPPO ZIWU Cyber Security Lab CVE-2020-0188
Evgenii Stepanov and Nick Desaulniers of Google CVE-2020-0141
Gaokun Li (李高坤) (koozxcv) of Vulpecker Team, Qihoo 360 Technology Co. Ltd. CVE-2020-0155
jiayy CVE-2020-0144, CVE-2020-0145, CVE-2020-0146, CVE-2020-0147, CVE-2020-0148, CVE-2020-0149, CVE-2020-0157, CVE-2020-0214, CVE-2020-0223, CVE-2020-0235
Hanxiang Wen (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-9460
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0138, CVE-2020-0213
Hongli Han (@hexb1n) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0233
Jianqiang Zhao(@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-9704
Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud CVE-2020-0232
Kris Alder of Google CVE-2020-0181, CVE-2020-0198
Li Changjun (李长军) and Shen Ying(沈颖) from Huawei CVE-2020-0206
Man Yue Mo of GitHub Security Lab CVE-2020-0139, CVE-2020-0140, CVE-2020-0142, CVE-2020-0143
Matt Pape of Google CVE-2020-0178
Matthew Daley CVE-2020-0135
Mike dDavis CVE-2020-0204
Min Jang (@skensita) CVE-2020-0117, CVE-2020-0137
Mitch Phillips of Google CVE-2020-0191, CVE-2020-0196
Mitch Phillips using GWP-ASan CVE-2020-0113
Nate Jiang of Google CVE-2020-0119
Niky1235 (@jiych_guru) CVE-2020-0127, CVE-2020-0169
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0216
Shuzhen Wang of Google CVE-2020-0095
Sigmund Albert Gorski III and William Enck of North Carolina State University, and Haining Chen of Google CVE-2020-0208, CVE-2020-0209, CVE-2020-0210
Steven Moreland of Google CVE-2020-0118
Tim Pisaki of Google CVE-2020-0115
V.E.O (@VYSEa) (一〇) of Ant Financial CVE-2020-0184
Wei Wang of Google CVE-2020-0121
Wenke Dou (email) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0186
Xuan Xing of Google CVE-2020-0150, CVE-2020-0154, CVE-2020-0158, CVE-2020-0159, CVE-2020-0217
Yu Shan of Google CVE-2020-0151
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2020-0215
Yuwei Zheng (郑玉伟) (@YuweiZheng101) of Bytedance Security Center CVE-2020-0201
Zinuo Han of Alibaba Cloud Security Team CVE-2020-0126, CVE-2020-0134, CVE-2020-0152, CVE-2020-0167, CVE-2020-0197, CVE-2020-0218

May

Researchers CVEs
Andr. Ess CVE-2020-0024
Arash Tohidi of Solita CVE-2019-14042, CVE-2019-14043
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2020-0101
Eugenia Lemberg of Google CVE-2020-0103
jiayy CVE-2019-14038, CVE-2019-14039, CVE-2020-0220
Ilja van Sprundel of IOActive CVE-2020-0100
John Høegh-Omdal of Promon (https://promon.co) CVE-2020-0096
Jun Yao (姚俊) (⁠@freeman) and Guang Gong (@oldfresher] of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-3680
Kris Alder of Google CVE-2020-0093
Matthew Daley CVE-2020-0105, CVE-2020-0109
Michal Bednarski CVE-2020-0098
Monk Avel CVE-2020-3610
Svetoslav Ganov of Google CVE-2020-0097
Thierry Boulord CVE-2020-0092
Xiaobo Xiang; Guang Gong of Alpha Lab, Qihoo 360 Technology Co. Ltd CVE-2020-0094
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2020-0110

April

Researchers CVEs
aedla CVE-2019-14131
Arash Tohidi CVE-2019-14009, CVE-2020-0075, CVE-2020-0076, CVE-2020-0077
Bernardo Rufino and Edward Cunningham of Google CVE-2020-0080
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-10625, CVE-2020-0078, CVE-2020-0079
D.2.Y.P (d2yp_) CVE-2019-10624
Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2020-0067
Eric Biggers and Paul Crowley of Google CVE-2019-2056
jiayy CVE-2020-0068
Jianqiang Zhao (jianqiangzhao) CVE-2019-10620
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-10556
Man Yue Mo of GitHub Security Lab CVE-2020-0070, CVE-2020-0071, CVE-2020-0072, CVE-2020-0073
Michal Bednarski CVE-2020-0082
Peter Park (peterpark) CVE-2019-14021, CVE-2019-14018
Slava Makkaveev (email) CVE-2019-10574
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2019-14040, CVE-2019-14041
Zhihao Yao, Seyed Mohammadjavad Seyed Talebi, and Ardalan Amiri Sani of University of California, Irvine CVE-2019-10547
Zili Liang of Alibaba UC Team CVE-2020-0081

March

Researchers CVEs
(avel) CVE-2019-14072
Min Jang (@skensita) CVE-2020-0047
Andrea Possemato (@_pox_) of IDEMIA / EURECOM and Yanick Fratantonio (@reyammer) of EURECOM CVE-2020-0087
Arash Tohidi CVE-2020-0010, CVE-2020-0011, CVE-2020-0012, CVE-2020-0042, CVE-2020-0043, CVE-2020-0044
Baozeng Ding (@sploving1) CVE-2020-0066
Calum Hutton (Perspective Risk) CVE-2020-0060
Carlo Di Dato of Advantio Ltd. CVE-2020-0035
Chad Brubaker of Android Platform Security CVE-2020-0052
Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2020-0033, CVE-2020-0048, CVE-2019-10544, CVE-2019-10623
dex (Marcel Busch) of FAU Security Team, FAU Erlangen-Nuremberg CVE-2019-10561
Edward Cunningham of Google CVE-2020-0054, CVE-2020-0061
Eloi Sanfelix and Jordan Gruskovnjak of Blue Frost Security CVE-2020-0041
Etienne Helluy of Lafont Universit´e de Lille CVE-2019-14095
Feng Cao of Google CVE-2020-0031
jiayy CVE-2019-10584, CVE-2020-0055, CVE-2020-0056, CVE-2020-0057, CVE-2020-0058, CVE-2020-0059
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0045
Jann Horn of Google Project Zero CVE-2019-13272
Joshua Steiner CVE-2020-0051
Justin Gerhardt CVE-2020-0062
Michael Specter CVE-2019-2264
Niky1235 (@jiych_guru) CVE-2020-0049
Oscar Shu of Google CVE-2020-0029
Paul Hu of Google CVE-2020-0036
Peter Park (peterpark) CVE-2019-14026, CVE-2019-14027, CVE-2019-14028
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0050
Raul Siles, DinoSec CVE-2020-0083
Richard Neal of Google CVE-2020-0069
Ricky Wai of Google CVE-2020-0084
Sulthan Alaudeen (@parallel_beings) CVE-2019-14079
Tommy Chiu of Google CVE-2020-0063
Will Coster of Google CVE-2020-0053
Xuan Xing of Google CVE-2020-0037, CVE-2020-0038, CVE-2020-0039
Zinuo Han(weibo.com/ele7enxxh) of Alibaba Cloud Security Team CVE-2019-10592, CVE-2020-0046

February

Researchers CVEs
Alex Epifano (email) CVE-2020-0018
Colin Cross of Google CVE-2020-0027
jiayy CVE-2020-0005
Gopi Palaniappan of Google CVE-2020-0021
Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-10567
Güliz Seray Tuncay of Google, from the University of Illinois at Urbana-Champaign, (http://tuncay2.web.engr.illinois.edu) (Güliz Tuncay) (email) CVE-2019-2200
Jan Ruge of Secure Mobile Networking Lab CVE-2020-0022
Lance Jiang and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro´s Zero Day Initiative CVE-2019-14088
Maddie Stone of Google Project Zero CVE-2020-0030
Matthew Daley CVE-2020-0023
Ricky Wai of Google CVE-2020-0014
Yohei Yukawa of Google CVE-2020-0017

January

Researchers CVEs
Evgenii Stepanov of Google CVE-2019-10582, CVE-2019-10583, CVE-2020-0008
Jann Horn of Google Project Zero CVE-2019-17666, CVE-2020-0009
Michal Bednarski CVE-2020-0001
Mitch Phillips of Google CVE-2020-0002
Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab CVE-2019-10486, CVE-2019-10494, CVE-2019-10503
Rong Fan (@fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2020-0004
Steven Moreland of Google CVE-2020-0007
Xuan Xing of Google CVE-2020-0006

2019

Android 10 security notes

Researchers CVEs
Aditya Narkar, Joydeep Mitra, and Venkatesh-Prasad Ranganath as part of Ghera project at Kansas State University, USA CVE-2019-9463
Adrian Roos of Google CVE-2019-9280
Aman Pandey, Student of Maulana Azad National Institute of Technology Bhopal, M.P, India CVE-2019-9407
Andrea Possemato (@_pox_) of IDEMIA / EURECOM and Yanick Fratantonio ( @reyammer) of EURECOM CVE-2019-9292
Andrei Popescu of Google CVE-2019-9475
Baozeng Ding (@sploving) CVE-2019-10528
Baozheng Liu (@iromise) of Tsinghua University, research intern at Alpha Lab and Guang Gong (@oldfresher) of Alpha Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-2088
Chi Zhang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-9237, CVE-2019-9241, CVE-2019-9363
Chirayu Desai of The Calyx Institute CVE-2019-9436
Chong Wang (王冲) (weibo.com/csddl) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-2060, CVE-2019-2146, CVE-2019-2156, CVE-2019-2162, CVE-2019-9234, CVE-2019-9243, CVE-2019-9249, CVE-2019-9250, CVE-2019-9289, CVE-2019-9312, CVE-2019-9329, CVE-2019-9409
Chong Wang (王冲) (weibo.com/csddl) and Zhe Jin (金哲) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2019-2140, CVE-2019-2141, CVE-2019-2147, CVE-2019-2159, CVE-2019-2163, CVE-2019-2166, CVE-2019-9251, CVE-2019-9287, CVE-2019-9293, CVE-2019-9318, CVE-2019-9332, CVE-2019-9334, CVE-2019-9355, CVE-2019-9356, CVE-2019-9359, CVE-2019-9366, CVE-2019-9368, CVE-2019-9462, CVE-2019-9383, CVE-2019-9406, CVE-2019-9415, CVE-2019-9416, CVE-2019-9427, CVE-2019-9432, CVE-2019-9434, CVE-2020-0236
Christopher Dombroski of Deja vu Security CVE-2019-9268
Christopher Tate of Google CVE-2019-9373
C0RE Team CVE-2018-11893, CVE-2019-2341
crixer CVE-2019-9444
Cusas @ L.O. Team CVE-2019-9346, CVE-2019-9348, CVE-2019-9349, CVE-2019-9352, CVE-2019-9379, CVE-2020-0088
D2.Y.P CVE-2019-2061, CVE-2019-2080, CVE-2019-2087, CVE-2019-2138, CVE-2019-2144, CVE-2019-2145, CVE-2019-2153, CVE-2019-2154, CVE-2019-2155, CVE-2019-2157, CVE-2019-2160, CVE-2019-2161, CVE-2019-2165, CVE-2019-2171, CVE-2019-2172, CVE-2019-9233, CVE-2019-9314, CVE-2019-9335, CVE-2019-9403, CVE-2019-9408
Dacheng Shao and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-11929, CVE-2019-9445
Daxing Guo of Tencent Security Xuanwu Lab CVE-2019-10497
derrek (@derrekr6) CVE-2018-3573, CVE-2018-5861, CVE-2018-11985
Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent CVE-2019-2298
Dokyung Song, Dipanjan Das, and Felicitas Hetzelt CVE-2018-11947
Dzmitry Lukyanenka CVE-2019-9440
Efthimios Alepis and Constantinos Patsakis, Department of Informatics, University of Piraeus, Greece CVE-2019-9323
Elphet and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2063, CVE-2019-2064, CVE-2019-2065, CVE-2019-2066, CVE-2019-2067, CVE-2019-2068, CVE-2019-2069, CVE-2019-2070, CVE-2019-2071, CVE-2019-2072, CVE-2019-2073, CVE-2019-2074, CVE-2019-2075, CVE-2019-2076, CVE-2019-2077, CVE-2019-2078, CVE-2019-2079, CVE-2019-2086, CVE-2019-9288
En He (@heeeeen4x) of OPPO ZIWU Cyber Security Lab CVE-2019-9311
Evgenii Stepanov of Google CVE-2019-9350
Felix Kirchengast and Raphael Spreitzer of Graz University of Technology CVE-2019-9277
jiayy CVE-2018-11825, CVE-2018-13890, CVE-2019-2299, CVE-2019-2302, CVE-2019-2312, CVE-2019-2314, CVE-2019-2314, CVE-2019-9248, CVE-2019-9386, CVE-2019-9448, CVE-2019-9449, CVE-2019-9450, CVE-2019-9451, CVE-2019-9452, CVE-2019-10506
Gengjia Chen ( @chengjia4574 ) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-14888, CVE-2018-11302, CVE-2019-10542
Greg Hartman of Google CVE-2019-9429
Gulshan Singh CVE-2019-2281
Hamzeh Zawawy of Google CVE-2019-9454
Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-9245
Hao Chen (@flankersky) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-3574, CVE-2018-11939, CVE-2019-2263, CVE-2019-2277, CVE-2019-2345
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2019-9375
heidada CVE-2019-2248
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-9347
Huinian Yang (杨卉年) (@vmth6) and Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2058
Ivan Lozano of Google CVE-2019-9420
Janis Danisevskis of Google CVE-2019-9253
Jeff Davidson of Google CVE-2019-9263, CVE-2018-9425
Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of 360 Alpha Team CVE-2019-9402, CVE-2019-9401, CVE-2019-9398, CVE-2019-9396, CVE-2019-9397, CVE-2019-9473
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 CVE-2018-11823, CVE-2018-11832, CVE-2018-11987, CVE-2018-11988, CVE-2019-2333, CVE-2019-9271, CVE-2019-9443, CVE-2019-9446, CVE-2019-9447, CVE-2019-9456, CVE-2019-10507
Julien Thomas (@Julien_Thomas) CVE-2019-9269
Kah Hin Lai of University of Minnesota CVE-2019-9380
kimyok of Tongdun Technology CVE-2019-9281
Kostya Serebryany of Google, using libFuzzer+AddressSanitizer CVE-2019-2108
Martijn Bogaard CVE-2019-2343
Martin Brabham of Google CVE-2019-9265
Masashi Honma, Hiroyuki Harada (@pirosap), and Hideaki Goto CVE-2019-9279
Mike Davis CVE-2019-9270
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2306
Mitch Phillips of Google CVE-2019-9370
Moony Li and Todd Han of TrendMicro Research working with Trend Micro´s Zero Day Initiative CVE-2019-9353
Nightwatch Cybersecurity Research CVE-2018-9489, CVE-2019-9581
Niky1235 (@jiych_guru) CVE-2019-9290, CVE-2019-9294, CVE-2019-9459
Paul Bandha CVE-2019-9453
Pedro Umbelino, Security Researcher at Checkmarx CVE-2019-9295
Pengfei Ding (丁鹏飞) of Huawei CVE-2019-2284, CVE-2019-9327, CVE-2019-9328, CVE-2019-9331, CVE-2019-9343, CVE-2019-9367, CVE-2019-9442, CVE-2019-9455, CVE-2019-9458, CVE-2019-10502
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2018-11818
Peter Pi of Tencent Blade Team CVE-2018-12006, CVE-2018-12011, CVE-2019-9275
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-9358
Ray Essick of Google CVE-2019-9385
Raymond Wang CVE-2019-9381
Roman Kümmel aka .cCuMiNn. (www.soom.cz) CVE-2019-2089
Rong Fan (fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 CVE-2019-2139
Ryan Haining of Google CVE-2019-9266
Scott Bauer CVE-2019-9296
Sigmund Albert Gorski III, Benjamin Andow, and William Enck of North Carolina State University; Sunil Manandhar and Adwait Nadkarni of William & Mary CVE-2019-9351, CVE-2019-9377, CVE-2019-9438
Stephan Zeisberg of Security Research Labs CVE-2019-9418
Steven Moreland of Google CVE-2020-0086
William J. Tolley and Jedidiah R. Crandall, Breakpointing Bad CVE-2019-9461
Xiangyu Fan of Huawei Terminal Security Test Team CVE-2019-9426
Xuan Xing of Google CVE-2017-15844, CVE-2018-11943, CVE-2019-9238, CVE-2019-9239, CVE-2019-9240, CVE-2019-9244
Yang Dai CVE-2019-9273, CVE-2018-13912
Yang Dai and Xiao Huang CVE-2019-9276
YanFeng Wang and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2182
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-9441
Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2019-9284, CVE-2019-9285, CVE-2019-9286, CVE-2019-9291, CVE-2019-9309, CVE-2019-9326, CVE-2019-9330, CVE-2019-9341, CVE-2019-9342, CVE-2019-9354, CVE-2019-9413, CVE-2019-9417, CVE-2019-9419, CVE-2019-9422
Yue Zhang and Qinglin Liu CVE-2019-9274
Zhixin Li of NSFocus CVE-2019-2158
Zhou Lingling of Xuebao Team, Tencent Mobile Security Lab CVE-2018-11919, CVE-2018-11983, CVE-2018-11984, CVE-2018-13893
Zinuo Han (weibo.com/ele7enxxh) CVE-2018-11899, CVE-2019-2055, CVE-2019-2059, CVE-2019-2062, CVE-2019-2081, CVE-2019-2082, CVE-2019-2083, CVE-2019-2084, CVE-2019-2085, CVE-2019-2142, CVE-2019-2143, CVE-2019-2148, CVE-2019-2149, CVE-2019-2150, CVE-2019-2151, CVE-2019-2152, CVE-2019-2164, CVE-2019-2167, CVE-2019-2168, CVE-2019-2169, CVE-2019-2170, CVE-2019-9242, CVE-2019-9246, CVE-2019-9247, CVE-2019-9313, CVE-2019-9315, CVE-2019-9316, CVE-2019-9317, CVE-2019-9319, CVE-2019-9320, CVE-2019-9321, CVE-2019-9322, CVE-2019-9333, CVE-2019-9336, CVE-2019-9337, CVE-2019-9338, CVE-2019-9344, CVE-2019-9361, CVE-2019-9362, CVE-2019-9365, CVE-2019-9369, CVE-2019-9400, CVE-2019-9404, CVE-2019-9410, CVE-2019-9411, CVE-2019-9412, CVE-2019-9421, CVE-2019-9430, CVE-2019-9431, CVE-2019-9435, CVE-2019-9474

December

Researchers CVEs
Alexander Bakker CVE-2019-9465
Ashley Yeh of Google CVE-2019-2220
Evgenii Stepanov of Google CVE-2019-2226, CVE-2019-2227, CVE-2019-9468
Fenghao Xu and Kehuan Zhang of The Chinese University of Hong Kong CVE-2019-2225
Güliz Seray Tuncay from University of Illinois at Urbana-Champaign and Google CVE-2019-2221
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2019-2217
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 CVE-2019-2304, CVE-2019-9470, CVE-2019-9471
Pratheesh P Narayanan (@Pratheesh_PPN) CVE-2019-2232
Lee Harrison and Hayawardh Vijayakumar, Samsung Knox Security CVE-2019-10513
Pengfei Ding (丁鹏飞) of Huawei CVE-2019-10557
Ricky Wai of Google CVE-2019-2218
Rubin Xu and Janis Danisevskis of Google CVE-2019-2231
Stephan Zeisberg of Security Research Labs CVE-2019-2228
Wei Wang of Google CVE-2019-9464
Peter Park (peterpark) CVE-2019-10536, CVE-2019-10537
Yu-Cheng Lin (林禹成) (@AndroBugs) CVE-2019-2229

November

Researchers CVEs
Austin Emmitt of NowSecure CVE-2019-2205
Bo Zhang of Tencent Blade Team CVE-2018-11266
Brandon Weeks of Google CVE-2019-2199
Chong Wang (王冲)(weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2209
Daniel Kachakil of IOActive CVE-2019-2196, CVE-2019-2198, CVE-2019-2211
derrek CVE-2019-2321
jiayy CVE-2019-2206
gzobqq@gmail.com CVE-2019-2213, CVE-2019-2214
Michal Bednarski CVE-2019-2192, CVE-2019-2195
Seyed Mohammadjavad Seyed Talebi (mjavad) CVE-2019-10520
Nagarjuna Kristam of Nvidia CVE-2019-2036
Nick Finco of Google CVE-2019-2210
Pengfei Ding (丁鹏飞) of Huawei CVE-2019-2310
Qi Zhao (赵奇) (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2207
Rong Fan (@fanrong1992) and Simon Huang (@HuangShaomang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2019-2201
Royce D. Williams (@TychoTithonus) CVE-2019-2233
Tom Craig of Loon CVE-2019-2197
Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) CVE-2019-2204, CVE-2019-2208
Xuan Xing of Google CVE-2019-9467
Zinuo Han of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2019-2202, CVE-2019-2203

October

Researchers CVEs
Dokyung Song (dokyungs@uci.edu) CVE-2018-11902
jiayy CVE-2019-2297, CVE-2019-10563, CVE-2019-10566
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2018-11934
Hui Peng (benquike@gmail.com) and Mathias Payer (mathias.payer@nebelwelt.net) CVE-2018-19824
Huinian Yang (杨卉年) (@vmth6) and Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2184
Joe0x20 (digforfree) CVE-2019-2247
Nightwatch Cybersecurity Research CVE-2019-2114
Maddie Stone of Google Project Zero CVE-2019-2215
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2187
Satheesh Dabbiru, Om Krishna(omkrishna10@gmail.com), Tito Rodi, Shane Oatman, Krishna Eedula, Dome Pongmongkol, and Brian Melton-Grace of Microsoft Corp. CVE-2019-2183
Sekshavali Dudekula of Google CVE-2019-2110
syssec@kaist CVE-2019-2289
Wen Guanxing of Pangu LAB CVE-2019-2318
Zinuo Han (weibo.com/ele7enxxh) of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. CVE-2019-2185, CVE-2019-2186

September

Researchers CVEs
Chi Fung Wong (@warenix) CVE-2019-2103
Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-10505
Cyrille Chatras of Orange Labs CVE-2019-2174
derrek (@derrekr6) CVE-2018-6240
Dzmitry Lukyanenka CVE-2019-2124
gzobqq@gmail.com CVE-2019-2181
heidada CVE-2019-2258
Janis Danisevskis of Google CVE-2019-2115
Jann Horn of Google Project Zero CVE-2019-2177, CVE-2019-10529
Kostya Serebryany of Google, using libFuzzer+AddressSanitizer CVE-2019-2108
Lee Campbell of Google CVE-2019-2175
Mathieu Cunche, Célestin Matte, and Mathy Vanhoef CVE-2019-10504
Michał Bednarski (michalbednarski) CVE-2019-2123, CVE-2019-9254
Mitch Phillips of Google CVE-2019-2176
Niky1235 (@jiych_guru) CVE-2019-2179
Peter Pi of Tencent CVE-2019-2324, CVE-2019-2325
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2178
Stephan Zeisberg (stze) of Security Research Labs CVE-2019-2180
Xuan Xing of Google CVE-2017-17768

August

Researchers CVEs
Chao Dai and Cusas of L.O. Team CVE-2019-2129
Cláudio André (@clviper) CVE-2019-2120
Cusas of L.O. Team CVE-2019-2126
Evgenii Stepanov of Google CVE-2019-2128
Fernando Miguel CVE-2019-2122
Joshua Steiner CVE-2019-2125, CVE-2019-2137
Kah Hin Lai, Danyang Wang, Sheng Xun Ong, and Hao Lee Yu of University of Minnesota CVE-2019-2131
Michal Bednarski (michalbednarski) CVE-2019-2121
Mitch Phillips of Google CVE-2019-2127
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2135
Steven Moreland of Google CVE-2019-2136
Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) CVE-2019-2130
Xiling Gong of Tencent Blade Team CVE-2019-2252, CVE-2019-2279,CVE-2019-10538, CVE-2019-10539, CVE-2019-10540
Xuan Xing of Google CVE-2019-2133, CVE-2019-2134

July

Researchers CVEs
Alex Abfalter of Google CVE-2019-2111
Chong Wang (王冲) (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2105
Cusas of L.O. Team CVE-2019-2113
Evgenii Stepanov of Google CVE-2019-2112
Hao Chen (@flankersky) CVE-2019-2346
Janis Danisevskis of Google CVE-2019-2119
Kostya Serebryany of Google, using libFuzzer and AddressSanitizer CVE-2019-2106, CVE-2019-2107
Pengfei Ding (丁鹏飞) of Huawei CVE-2019-2305
Peter Pi of Tencent CVE-2019-2326
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2118
Steven Moreland of Google CVE-2019-2104
Tao Sauvage of IOActive CVE-2019-2117
Xuan Xing of Google CVE-2019-2116

June

Researchers CVEs
Andrey Konovalov of Google CVE-2019-2101
Cusas of L.O. Team CVE-2019-2094
Dacheng Shao (email) and Mingjian Zhou (周明建) ( @Mingjian_Zhou) of C0RE Team CVE-2019-2096
Matt Beaver and Erik Peterson of Microsoft Corp. CVE-2019-2102
Qi Zhao (@JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2099
Wei Liu (刘炜), Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) CVE-2019-2097
Wyatt Riley of Google CVE-2018-9526
Xiling Gong of Tencent Blade Team CVE-2019-2287

May

Researchers CVEs
Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2053
Cusas of L.O. Team CVE-2019-2044
derrek (@derrekr6) CVE-2018-6243, CVE-2018-13898, CVE-2018-13908
Evgenii Stepanov of Google CVE-2019-2049
Jann Horn of Google Project Zero CVE-2019-2054
Ji Zhang (@opc0nt7) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2050
Joshua Steiner CVE-2019-2043
Pengfei Ding (丁鹏飞) of Huawei CVE-2018-11955
Wei Liu (刘炜) and Yongke Wang (王永科) (@Rudykewang) of Tencent Security Xuanwu Lab (腾讯安全玄武实验室) CVE-2019-2045, CVE-2019-2046, CVE-2019-2047, CVE-2019-2051, CVE-2019-2052
Wen Guanxing of Pangu LAB CVE-2018-13910
Xiling Gong of Tencent Blade Team CVE-2018-5912, CVE-2019-2256

April

Researchers CVEs
Andreas Burtzlaff CVE-2019-2037
C0RE Team CVE-2018-11937
Cody Schuffelen of Google CVE-2019-2030
Dokyung Song, Dipanjan Das, and Felicitas Hetzelt CVE-2018-11902
jiayy CVE-2018-5855
Gengjia Chen ( @chengjia4574 ) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2018-11905
Hao Chen ( @flankersky) CVE-2018-11953
Hao Chen ( @flankersky) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-11904
Hao Liu and Jianqiang Zhao of IceSword Lab, Qihoo 360 CVE-2019-2032
Mathieu Cunche, Célestin Matte, INSA-Lyon, Inria, and Mathy Vanhoef, imec-DistriNet, KU Leuven CVE-2018-11291
NCC Group CVE-2018-11976
Pengfei Ding (丁鹏飞) of Huawei CVE-2018-11940
Qi Zhao ( @JHyrathon) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2027, CVE-2019-2034
Roman Mihálik, Bratislava CVE-2019-2041
Scott Bauer ( email) CVE-2017-17772
Suresh Sivaraman of Ittiam CVE-2019-2028
Wenke Dou (email), Chi Zhang (email), and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2029, CVE-2019-2033
Xuan Xing of Google CVE-2019-2031, CVE-2019-2035, CVE-2019-2040
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-2038, CVE-2019-2039

March

Researchers CVEs
Adrian Tang of Columbia University (CLKSCREW paper) CVE-2017-8252
Dacheng Shao (email) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2008
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2019-2025
Jann Horn of Google Project Zero CVE-2019-2023
Jianjun Dai ( @jioun_dai) and Guang Gong ( @oldfresher) of 360 Alpha Team CVE-2019-2009
Mark Brand of Google Project Zero CVE-2019-2011
Niky1235 ( @jiych_guru) CVE-2019-2019
Qi Zhao ( @JHyrathon) and Guang Gong ( @oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2019-2017
Wangtao (neobyte) of Alibaba Orion Security Lab CVE-2019-2004
Xiangqian Zhang ( @h3rb0x), m4bln, and Huiming Liu of Tencent Security Xuanwu Lab CVE-2019-2003
Xuan Xing of Google CVE-2018-9563, CVE-2018-9564, CVE-2019-2012, CVE-2019-2013, CVE-2019-2014, CVE-2019-2015, CVE-2019-2022
Yong Wang (王勇) ( @ThomasKing2014) of Alibaba Security CVE-2019-2016
Yongke Wang (王永科) ( @Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2019-2010
Zach Riggle ( @ebeip90) of the Android Security Team CVE-2019-2007
Zinuo Han ( weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9561, CVE-2019-2020, CVE-2019-2021

February

Researchers CVEs
Andr. Ess CVE-2019-1994
Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-1993
derrek (@derrekr6) CVE-2018-11289, CVE-2018-11820, CVE-2018-11938, CVE-2018-11864
Dzmitry Lukyanenka CVE-2019-1995
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-6268, CVE-2018-6271
Jann Horn of Google Project Zero CVE-2019-1999, CVE-2019-2000
Leon Scroggins of Google CVE-2019-1986, CVE-2019-1987, CVE-2019-1988
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-6267
Rich Cannings of Google CVE-2019-1997
Tencent Blade Team CVE-2018-5839
Xuan Xing of Google CVE-2018-11262, CVE-2018-11275
Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2019-1996
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2019-1991, CVE-2019-1992

January

Researchers CVEs
Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9589
D2.Y.P of NON Team CVE-2018-9594
Dzmitry Lukyanenka CVE-2018-9587
Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-6241
Jann Horn of Google Project Zero CVE-2018-17182, CVE-2018-18281
Maddie Stone of Google CVE-2018-9586
Niky1235 (@jiych_guru) CVE-2018-9584
Ricky Wai of Google CVE-2018-9582
Yongke Wang (王永科) (@Rudykewang) and Xiangqian Zhang (张向前) (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2018-9585, CVE-2018-9588
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9583, CVE-2018-9590, CVE-2018-9591, CVE-2018-9592, CVE-2018-9593

2018

In 2018, the security acknowledgements are listed by month. In prior years, acknowledgements were listed together.

December

Researchers CVEs
Baozeng Ding (@sploving1) CVE-2017-18320
Daniel Micay (@DanielMicay) CVE-2018-9567
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9557
Joydeep Mitra and Venkatesh-Prasad Ranganath of Ghera project at Kansas State University, USA CVE-2018-9548
Mingjian Zhou (周明建) ( @Mingjian_Zhou) of C0RE Team CVE-2018-9547
Newroot (@newroot) CVE-2018-9560
Scott Bauer (@ScottyBauer1) CVE-2018-9555, CVE-2018-9558, CVE-2018-9566
Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. CVE-2018-9568
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9549, CVE-2018-9552, CVE-2018-9553, CVE-2018-9562

November

Researchers CVEs
Amar Menezes of MWR Labs CVE-2018-9524
Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9569, CVE-2018-9570, CVE-2018-9573, CVE-2018-9576, CVE-2018-9577
En He (@heeeeen4x) and Bo Liu of MS509Team (www.ms509.com) CVE-2018-9457
Joshua Laney of Deja vu Security CVE-2018-9542
Michał Bednarski CVE-2018-9522, CVE-2018-9523
Niky1235 (@jiych_guru) CVE-2018-9347
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2018-9539
Xiaobo Xiang of IIE; Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9571, CVE-2018-9572, CVE-2018-9574, CVE-2018-9575
Yongke Wang (@Rudykewang) and Xiangqian Zhang (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2018-9540, CVE-2018-9541
Zinuo Han(weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9527, CVE-2018-9544, CVE-2018-9545, CVE-2018-9578

October

Researchers CVEs
Abhishek Sidharthan (Amrita School of Engineering) and Pratheesh P Narayanan (Sree Narayana Gurukulam College of Engineering) CVE-2018-9452
Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9503, CVE-2018-9505
Daniel Kachakil, Senior Security Consultant, IOActive CVE-2018-9493, CVE-2018-9546
Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9490
Jann Horn of Google Project Zero CVE-2018-9514, CVE-2018-9515
Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2017-13283
Michał Bednarski CVE-2018-9492
Niky1235 (@jiych_guru) CVE-2018-9473
Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab (华为移动安全实验室) CVE-2018-9506, CVE-2018-9507
Raymond Wang CVE-2018-9501
Stephan Zeisberg of Security Research Labs CVE-2018-9497
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2018-9499
Yongke Wang (@Rudykewang) and Xiangqian Zhang (@h3rb0x) of Tencent Security Xuanwu Lab CVE-2018-9502, CVE-2018-9508, CVE-2018-9509, CVE-2018-9510
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9476, CVE-2018-9498, CVE-2018-9504

September

Researchers CVEs
Baozeng Ding (@sploving1), Chengming Yang, and Yang Song of Alibaba Mobile Security Group CVE-2018-9517
Chong Wang (weibo.com/csddl) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9480, CVE-2018-9481, CVE-2018-9482, CVE-2018-9485
Cusas of L.O. Team CVE-2018-9440, CVE-2018-9467
Daniel Kachakil, Senior Security Consultant, IOActive CVE-2018-9468
En He (@heeeeen4x) and Bo Liu of MS509Team (ms509.com) CVE-2018-9475
Hector Cuesta Garcia (@HectorCuesta) of Innotec System CVE-2018-9470
Hongli Han (@hexb1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-11261
Jann Horn of Google Project Zero CVE-2018-9488
Jianjun Dai (@jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9478, CVE-2018-9479
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 CVE-2018-9516
M3, Inc. CVE-2018-9469
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-11816
Pengfei Ding (丁鹏飞) of Huawei Mobile Security Lab (华为移动安全实验室) CVE-2018-9519
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2018-9411
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9471, CVE-2018-9474, CVE-2018-9483, CVE-2018-9484, CVE-2018-9486

August

Researchers CVEs
Chao Dai @ L.O. Team CVE-2018-9437
Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9436, CVE-2018-9448, CVE-2018-9454, CVE-2018-9455
Dinesh Venkatesan (@malwareresearch) of Symantec CVE-2017-13295
Dzmitry Lukyanenka CVE-2018-9459, CVE-2018-9461
En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2017-13242, CVE-2018-9457
Francesco Pinci CVE-2018-9447
Jann Horn of Google Project Zero CVE-2018-9445
Joshua Steiner of Introne Apps CVE-2017-13322
Scott Bauer (@ScottyBauer1) CVE-2018-9441
Tencent Blade Team CVE-2017-18306, CVE-2017-18307
Tong Lin (segfault5514@gmail.com) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-9439
V.E.O (@VYSEa) of Mobile Security Research Team, Trend Micro CVE-2018-9444
Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9435, CVE-2018-9446, CVE-2018-9449, CVE-2018-9450, CVE-2018-9451, CVE-2018-9453

July

Researchers CVEs
Baozeng Ding (丁保增) (@sploving) of Pandora Lab, Ali Security CVE-2018-9422
Billy Lau of Android Security Research CVE-2018-9416
Cusas of L.O. Team CVE-2018-9412
En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2018-9432, CVE-2018-9414
Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9433
Jann Horn of Google Project Zero CVE-2018-9434
Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9418, CVE-2018-9419, CVE-2018-9413, CVE-2018-9365
Jianqiang Zhao (@jianqiangzhao) and pjf (weibo.com/jfpan) of IceSword Lab, Qihoo 360 CVE-2018-9417
Nathan Crandall (@natecray) of Tesla's Product Security Team CVE-2017-0606
niky1235 (jiych.guru@gmail.com, @jiych_guru) CVE-2018-9423
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2017-15851
Scott Bauer (@ScottyBauer1) CVE-2018-9430
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2018-9411
Tencent Blade Team CVE-2018-9421, CVE-2018-9420
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2018-9415
Zinuo Han (weibo.com/ele7enxxh) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9410, CVE-2018-9424, CVE-2018-9431

June

Researchers CVEs
Baozeng Ding (丁保增) (@sploving1) of Pandora Lab, Ali Security CVE-2018-5857, CVE-2018-9389
Daniel Kachakil of IOActive CVE-2018-9375
derrek (@derrekr6) CVE-2017-6290, CVE-2017-6292, CVE-2017-6294
Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-9348
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-5899
Jianjun Dai (@Jioun_dai) and Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2018-9381, CVE-2018-9358,
CVE-2018-9359, CVE-2018-9360,
CVE-2018-9361, CVE-2018-9357,
CVE-2018-9356
joe0x20@gmail.com CVE-2018-5898
Jose Martinez CVE-2018-5146
Julien Thomas (@Julien_Thomas) of Protektoid.com CVE-2018-9374
Michał Bednarski CVE-2018-9339
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-9344
Niky1235 (@jiych_guru) CVE-2017-13230, CVE-2018-9347
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬)
of Baidu X-Lab (百度安全实验室)
CVE-2018-5832, CVE-2018-5896, CVE-2018-5897
Qing Dong of 360 Beaconlab CVE-2018-9386
Scott Bauer (@ScottyBauer1) CVE-2018-9388, CVE-2018-9355,
CVE-2018-9380
Stephan Zeisberg of Security Research Labs CVE-2018-9350, CVE-2018-9352,
CVE-2018-9353, CVE-2018-9341
Tencent Blade Team CVE-2018-9345, CVE-2018-9346
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-0564
Yuan-Tsung Lo of C0RE Team CVE-2017-13079, CVE-2017-13081
华为移动安全实验室的钱育波 CVE-2018-9363
Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2018-9340, CVE-2018-9338,
CVE-2018-9378

May

Researchers CVEs
Corinna Vinschen CVE-2018-5853
derrek (@derrekr6) CVE-2017-6293, CVE-2018-6246
Gengjia Chen ( @chengjia4574 ) and pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-18153
Hanxiang Wen and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2017-18154
Hongli Han (@HexB1n) and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2018-6254
Joshua Steiner of Introne Apps CVE-2017-13322
Michał Bednarski CVE-2017-13310, CVE-2017-13311
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2017-15857, CVE-2018-5852
Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd CVE-2017-13321, CVE-2017-13318, CVE-2017-13323, CVE-2017-13319, CVE-2017-13317

April

Researchers CVEs
Billy Lau of Google CVE-2017-13305
Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd CVE-2017-13287
Chong Wang and Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd CVE-2017-13289, CVE-2017-13286
Cusas @ Huawei L.O. Team CVE-2017-13279
Daxing Guo of Tencent's Xuanwu Lab CVE-2017-13292, CVE-2017-13303
Dinesh Venkatesan (@malwareresearch) of Symantec CVE-2017-13295
Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2017-13276
En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2017-13294
Eric Leong (@ericwleong) CVE-2017-13301
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2018-3596
Haosheng Wang (@gnehsoah) CVE-2017-13280
Jean-Baptiste Cayrou (@jbcayrou) CVE-2017-13284
Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd CVE-2017-13291, CVE-2017-13283, CVE-2017-13282, CVE-2017-13281, CVE-2017-13267
Patrick Delvenne (@wintzx) of Orange Labs CVE-2018-3584
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2017-13306, CVE-2017-13290, CVE-2017-15837
Tencent Blade Team CVE-2017-15853
Vasily Vasiliev CVE-2017-13297
Weichao Sun of Alibaba Inc (@sunblate) CVE-2017-13277
Yang Dai and Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd CVE-2017-13304
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd CVE-2017-8269, CVE-2017-13307, CVE-2018-5826
Zhongwen & Chao Dai @ Huawei L.O. Team CVE-2017-13274
Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd CVE-2017-13288, CVE-2017-13298, CVE-2017-13296, CVE-2017-13299, CVE-2017-13275, CVE-2017-13285

March

Researchers CVEs
Billy Lau of Google CVE-2017-14879
Daniel Micay of Copperhead Security CVE-2017-13265
Dacheng Shao and Mingjian Zhou (周明建) CVE-2017-6288
Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13254
Jake Corina of Shellphish Grill Team CVE-2018-3560
Jianjun Dai (@Jioun_dai) and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13266, CVE-2017-13256, CVE-2017-13255
Julian Rauchberger CVE-2017-13258
Hongli Han (@hexb1n), Dacheng Shao, and Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2017-6287
Hongli Han (@HexB1n) and Mingjian Zhou (周明建)(@Mingjian_Zhou) of C0RE Team CVE-2017-6286, CVE-2017-6285,
CVE-2017-6281
Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2017-13262, CVE-2017-13261, CVE-2017-13260, CVE-2017-11029, CVE-2017-15814
Peter Pi of Tencent Security Platform Department CVE-2017-13269
Sang Shin Jung of Deja vu Security CVE-2017-13270
Tamir Zahavi-Brunner (@tamir_zb) of Zimperium zLabs Team CVE-2017-13253
Vasily Vasiliev CVE-2017-13249, CVE-2017-13248, CVE-2017-13264
Wish Wu (@wish_wu 吴潍浠 此彼) of Ant-financial Light-Year Security Lab CVE-2017-13259, CVE-2017-13272
Yaoguang Chen of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-13257, CVE-2017-13268
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-13271
ZhangBo of Tencent Security Platform Department CVE-2017-18069
Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2017-13252, CVE-2017-13251, CVE-2018-3561

February

Researchers CVEs
Aaron Willey, autoprime (@utoprime), and Tyler Montgomery (@tylerfixer) of Team Codefire CVE-2017-13238
Cusas (华为公司的cusas) CVE-2017-13235
Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13229
En He (@heeeeen4x) and Bo Liu of MS509Team CVE-2017-13242
Gal Beniamini of Google CVE-2017-13236
Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-13245
Hongli Han (@HexB1n), Dacheng Shao and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-6258
Hongli Han (@HexB1n), Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-17767, CVE-2017-6279
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2017-13241, CVE-2017-13231
Nightwatch Cybersecurity Research CVE-2017-13243
Niky1235 (@jiych_guru) CVE-2017-13230, CVE-2017-13234
Outware CVE-2017-13239
Qidan He (@flanker_hqd) of PDD Security Team CVE-2017-13246
Xiling Gong of Tencent Security Platform Department CVE-2017-15852
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2017-13273
ZhangBo of Tencent Security Platform Department CVE-2015-9016
Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2017-13232

January

Researchers CVEs
Adong Zhang (张阿东), Chao Liu (刘超), and Jinguang Dong (董金光) CVE-2017-13215
Amar Menezes of MWR Labs CVE-2017-13212
Andy Tyler (@ticarpi) of e2e-assure CVE-2017-0846
Baozeng Ding (@sploving), Chengming Yang, and Yang Song of Pandora Lab, Ali Security CVE-2017-13222, CVE-2017-13220
Billy Lau of Google CVE-2017-14879
Cameron Gutman CVE-2017-13214
Chi Zhang and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-13178, CVE-2017-13179
Gal Beniamini of Google CVE-2017-13209
Haosheng Wang (@gnehsoah) CVE-2017-13198
Hongli Han (@HexB1n) and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-13183, CVE-2017-13180
Hongli Han (@HexB1n), Dacheng Shao, and Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-13194
Max Moroz of Google CVE-2017-13224
Mingjian Zhou (周明建) (@Mingjian_Zhou) of C0RE Team CVE-2017-13184, CVE-2017-13201
Niky1235 (@jiych_guru) CVE-2017-0855, CVE-2017-13195, CVE-2017-13181
tintinweb CVE-2017-13208
Tongxin Li and Xinhui Han of Peking University; Luyi Xing, Nan Zhang, Xueqiang Wang, and XiaoFeng Wang of Indiana University Bloomington; Xiaolong Bai of Tsinghua University; and Kai Chen of IIE, Chinese Academy of Sciences CVE-2017-13176
V.E.O (@VYSEa) of Mobile Threat Response Team, Trend Micro CVE-2017-13196, CVE-2017-13186
Wolfu (付敬贵) of Tencent Security Platform Department CVE-2017-13219, CVE-2017-13207
Xuan Xing of Google CVE-2017-13217
Yangkang (@dnpushme) of Qihoo360 Qex Team CVE-2017-13200
Yongke Wang (@Rudykewang) and Yuebin Sun of Tencent's Xuanwu Lab CVE-2017-13202
Yuan-Tsung Lo of C0RE Team CVE-2017-13213, CVE-2017-13221
Yu Pan and Yang Dai of Vulpecker Team, Qihoo 360 Technology Co. Ltd. CVE-2017-0869
Zinuo Han of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2017-13206, CVE-2017-13188, CVE-2017-13185

2017

Researcher CVEs
ADlab of Venustech CVE-2017-0630
Alexander Potapenko of Google Dynamic Tools team CVE-2017-0537
Alexandru Blanda CVE-2017-0390
Amir Cohen of Ben Gurion University Cyber Lab CVE-2017-0650
Ao Wang (@ArayzSegment) of Pangu Team CVE-2017-0691, CVE-2017-0700
Aravind Machiry of Shellphish Grill Team, University of California, Santa Barbara CVE-2017-0865
Dr. Asaf Shabtai of Ben Gurion University Cyber Lab CVE-2017-0650
Baozeng Ding (@sploving1) of Alibaba Mobile Security Group CVE-2017-0463, CVE-2017-0506, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9703, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170
Ben Actis (@Ben_RA) CVE-2016-8461
Ben Seri of Armis, Inc. CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785
Billy Lau of Android Security CVE-2017-0335, CVE-2017-0336, CVE-2017-0338, CVE-2017-0460, CVE-2017-8263, CVE-2017-9682, CVE-2017-13162
Bo Liu of MS509Team CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645, CVE-2017-0784, CVE-2017-11042
Chao Yang of Alibaba Mobile Security Group CVE-2016-10280, CVE-2016-10281, CVE-2017-0565
Chenfu Bao (包沉浮) of Baidu X-Lab (百度安全实验室) CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090
Chengming Yang of Alibaba Mobile Security Group CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0843, CVE-2017-0864, CVE-2017-9708, CVE-2017-11000, CVE-2017-11059, CVE-2017-13170
Chenxiong Qian of Georgia Tech CVE-2017-0860
Chi Zhang of C0RE Team CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0765, CVE-2017-0836, CVE-2017-0857, CVE-2017-0880, CVE-2017-13166
Chiachih Wu (@chiachih_wu) of C0RE Team CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448
Chong Wang of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2017-0758
Cong Zheng (@shellcong) of Palo Alto Networks CVE-2017-0752
Constantinos Patsakis of University of Piraeus CVE-2017-0807
Cusas (华为公司的cusas) CVE-2017-0870
Dacheng Shao of C0RE Team CVE-2017-0483, CVE-2017-0739, CVE-2017-0769, CVE-2017-0801
Daniel Dakhno CVE-2017-0420
Daniel Micay of Copperhead Security CVE-2017-0397, CVE-2017-0405, CVE-2017-0410, CVE-2017-0826, CVE-2017-13160
Daxing Guo (@freener0) of Xuanwu Lab, Tencent CVE-2017-0386, CVE-2017-0553, CVE-2017-0585, CVE-2017-0706
derrek (@derrekr6) CVE-2016-8413, CVE-2016-8477, CVE-2017-0392, CVE-2017-0521, CVE-2017-0531, CVE-2017-0576, CVE-2017-8260
Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent CVE-2016-8412, CVE-2016-8427, CVE-2016-8444, CVE-2016-10287, CVE-2017-0334, CVE-2017-0403, CVE-2017-0427, CVE-2017-0456, CVE-2017-0457, CVE-2017-0525, CVE-2017-8265
donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara CVE-2016-5349, CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472
Dzmitry Lukyanenka CVE-2017-0414, CVE-2017-0703, CVE-2017-0808, CVE-2017-13157, CVE-2017-13158, CVE-2017-13159
Ecular Xu (徐健) of Trend Micro CVE-2017-0599, CVE-2017-0635, CVE-2017-0641, CVE-2017-0643, CVE-2017-0859
Efthimios Alepis of University of Piraeus CVE-2017-0807
Elphet of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-0692, CVE-2017-0694, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775
En He (@heeeeen4x) of MS509Team CVE-2017-0394, CVE-2017-0490, CVE-2017-0601, CVE-2017-0639, CVE-2017-0645, CVE-2017-0784, CVE-2017-11042
Eric Lafortune of GuardSquare CVE-2017-13156
Ethan Yonker of Team Win Recovery Project CVE-2017-0493
Fang Chen of Sony Mobile Communications Inc. CVE-2017-0481
Frank Liberato of Chrome CVE-2017-0409
Gal Beniamini of Project Zero CVE-2017-0411, CVE-2017-0412, CVE-2017-0561, CVE-2017-0569 CVE-2017-0570, CVE-2017-0571, CVE-2017-0572
jiayy CVE-2016-8464, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, CVE-2017-0432, CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0509, CVE-2017-0524, CVE-2017-0529, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573, CVE-2017-0581, CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649, CVE-2017-0744, CVE-2017-6426, CVE-2017-8243, CVE-2017-8244, CVE-2017-8266, CVE-2017-8270, CVE-2017-9691, CVE-2017-10997
Godzheng (郑文选 @VirtualSeekers) of Tencent PC Manager CVE-2017-0602, CVE-2017-0646
Google WebM Team CVE-2017-0393
Gregory Vishnepolsky of Armis, Inc. CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785
Guang Gong (龚广) (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465, CVE-2016-8476, CVE-2016-10283, CVE-2017-0387, CVE-2017-0415, CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2017-0453, CVE-2017-0454, CVE-2017-0461, CVE-2017-0464, CVE-2017-0547, CVE-2017-0567, CVE-2017-0574, CVE-2017-0575, CVE-2017-0577, CVE-2017-0580, CVE-2017-0584, CVE-2017-0692, CVE-2017-0694, CVE-2017-0727, CVE-2017-0748, CVE-2017-0771, CVE-2017-0774, CVE-2017-0775, CVE-2017-0786, CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791, CVE-2017-0792, CVE-2017-0825, CVE-2017-6424, CVE-2017-14904
Guangdong Bai of Singapore Institute of Technology (SIT) CVE-2017-0496
Güliz Seray Tuncay of the University of Illinois at Urbana-Champaign CVE-2017-0593
Guo Haoran of King Team CVE-2017-13172
Hanxiang Wen of C0RE Team CVE-2017-0400, CVE-2017-0418, CVE-2017-0479, CVE-2017-0480, CVE-2017-0665, CVE-2017-0681, CVE-2017-0737, CVE-2017-14904
Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2016-8415, CVE-2016-8419, CVE-2016-8420, CVE-2016-8421, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, CVE-2016-8465, CVE-2016-8476, CVE-2016-10283, CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2017-0441, CVE-2017-0442, CVE-2017-0443, CVE-2017-0453, CVE-2017-0454, CVE-2017-0461, CVE-2017-0464, CVE-2017-0567, CVE-2017-0574, CVE-2017-0575, CVE-2017-0577, CVE-2017-0580, CVE-2017-0584, CVE-2017-0748, CVE-2017-0786, CVE-2017-0787, CVE-2017-0788, CVE-2017-0789, CVE-2017-0790, CVE-2017-0791, CVE-2017-0792, CVE-2017-0825, CVE-2017-6424
Hao Qin of Security Research Lab, Cheetah Mobile CVE-2017-11056
Hiroki Yamamoto of Sony Mobile Communications Inc. CVE-2017-0481
Hongli Han (@HexB1n) of C0RE Team CVE-2017-0384, CVE-2017-0385, CVE-2017-0731, CVE-2017-0739, CVE-2017-13154, CVE-2017-6276
hujianfei of Qihoo360 Qex Team CVE-2017-0753
Ian Foster (@lanrat) CVE-2017-0554
Jack Tang of Trend Micro Inc. CVE-2017-0579, CVE-2017-9706
Jake Corina of Shellphish Grill Team CVE-2017-0636, CVE-2017-0802
Jason Gu of Trend Micro CVE-2017-0780
Jeff Sharkey of Google CVE-2017-0421, CVE-2017-0423
Jeff Trim CVE-2017-0422
Jeremy Huang (@bittorrent3389) of King Team CVE-2017-13172
Jianjun Dai (@Jioun_dai) of Qihoo 360 Skyeye Labs CVE-2017-0478, CVE-2017-0541, CVE-2017-0559
Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360 CVE-2016-5346, CVE-2016-8416, CVE-2016-8475, CVE-2016-8478, CVE-2017-0445, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519, CVE-2017-0533, CVE-2017-0534, CVE-2017-0862, CVE-2017-6425, CVE-2017-8233, CVE-2017-8261, CVE-2017-8268, CVE-2017-9718, CVE-2017-1000380
Joey Brand of Census Consulting Inc. CVE-2017-0698
Jon Sawyer (@jcase) CVE-2016-8461, CVE-2016-8462
Jose Martinez CVE-2017-0841
Juhu Nie of Xiaomi Inc. CVE-2016-10276
Jun Cheng of Alibaba Inc. CVE-2017-0404
Justin Paupore of Google CVE-2017-0831
Kevin Deus of Google CVE-2017-11052, CVE-2017-11054, CVE-2017-11055, CVE-2017-11062
Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室) CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794 CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-10999, CVE-2017-11001, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090
Liyadong of Qex Team, Qihoo 360 CVE-2017-0647
Lorenzo Nicolodi CVE-2017-13165
Lubo Zhang of C0RE Team CVE-2016-8479, CVE-2017-0564, CVE-2017-7368
ma.la of LINE Corporation CVE-2016-5552
Makoto Onuki of Google CVE-2017-0491
Marco Bartoli (@wsxarcher) CVE-2017-0712
Mark Salyzyn of Google CVE-2017-0558
Max Spector of Google CVE-2017-0416
Michael Goberman of IBM Security X-Force CVE-2016-8467
Michal Bednarski CVE-2017-0598, CVE-2017-0806, CVE-2017-0871
Mike Anderson (@manderbot) of Tesla Motors Product Security Team CVE-2017-0327, CVE-2017-0328
Mingjian Zhou (@Mingjian_Zhou) of C0RE Team CVE-2017-0383, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0665, CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0731, CVE-2017-0737, CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779, CVE-2017-0801, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816, CVE-2017-0836, CVE-2017-0837, CVE-2017-0840, CVE-2017-0857, CVE-2017-8080, CVE-2017-6276, CVE-2017-13152, CVE-2017-13154, CVE-2017-13166, CVE-2017-13169, CVE-2017-14904
Monk Avel CVE-2017-0396, CVE-2017-0399
Nan Li of Xiaomi Inc. CVE-2016-10276
Nathan Crandall (@natecray) CVE-2017-0535
Nathan Crandall (@natecray) of Tesla Motors Product Security Team CVE-2017-0306, CVE-2017-0327, CVE-2017-0328, CVE-2017-0331, CVE-2017-0606, CVE-2017-8242, CVE-2017-9679
Nick Stephens of Shellphish Grill Team CVE-2017-0636, CVE-2017-0802
Nikolay Elenkov of LINE Corporation CVE-2016-5552
Niky1235 (@jiych_guru) CVE-2017-0603, CVE-2017-0670, CVE-2017-0697, CVE-2017-0726, CVE-2017-0818
Ning You of Alibaba Mobile Security Group CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0565
Nitay Artenstein of Exodus Intelligence CVE-2017-9417
Omer Shwartz of Ben Gurion University Cyber Lab CVE-2017-0650
Peide Zhang of Vulpecker Team, Qihoo 360 Technology Co. Ltd. CVE-2017-0618, CVE-2017-0625
Peng Xiao of Alibaba Mobile Security Group CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0842
Pengfei Ding (丁鹏飞) of Baidu X-Lab (百度安全实验室) CVE-2016-8417, CVE-2016-10236, CVE-2017-0728, CVE-2017-0738, CVE-2017-0766, CVE-2017-0794, CVE-2017-9681, CVE-2017-9684, CVE-2017-9693, CVE-2017-9694, CVE-2017-9696, CVE-2017-9702, CVE-2017-9715, CVE-2017-9717, CVE-2017-9720, CVE-2017-11001, CVE-2017-10999, CVE-2017-11057, CVE-2017-11060, CVE-2017-11061, CVE-2017-11064, CVE-2017-11089, CVE-2017-11090
Peter Pi of Tencent Security Platform Department CVE-2017-11046, CVE-2017-11091
Peter Pi (@heisecode) of Trend Micro CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, CVE-2016-8460, CVE-2016-8469, CVE-2016-8473, CVE-2016-8474
pjf of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-5346, CVE-2016-8416, CVE-2016-8464, CVE-2016-8475, CVE-2016-8478, CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, CVE-2016-10294, CVE-2016-10295, CVE-2016-10296, CVE-2017-0329, CVE-2017-0332, CVE-2017-0432, CVE-2017-0434, CVE-2017-0445, CVE-2017-0446, CVE-2017-0447, CVE-2017-0458, CVE-2017-0459, CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0509, CVE-2017-0518, CVE-2017-0519, CVE-2017-0524, CVE-2017-0529, CVE-2017-0533, CVE-2017-0534, CVE-2017-0536, CVE-2017-0566, CVE-2017-0573, CVE-2017-0581, CVE-2017-0616, CVE-2017-0617, CVE-2017-0624, CVE-2017-0649, CVE-2017-0744, CVE-2017-0862, CVE-2017-6425, CVE-2017-6426, CVE-2017-8233, CVE-2017-8243, CVE-2017-8244, CVE-2017-8261, CVE-2017-8266, CVE-2017-8268, CVE-2017-8270, CVE-2017-9691, CVE-2017-9718, CVE-2017-10997, CVE-2017-1000380
Qidan He (何淇丹) (@flanker_hqd) of KeenLab, Tencent (腾讯科恩实验室) CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, CVE-2017-13324, CVE-2017-15868
Qing Zhang of Qihoo 360 CVE-2017-0496
Qiwu Huang of Xiaomi Inc. CVE-2016-10276
Quhe of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-0522
Roee Hay (@roeehay) of Aleph Research, HCL Technologies CVE-2016-10277, CVE-2017-0563, CVE-2017-0582, CVE-2017-0648, CVE-2017-0829, CVE-2017-13174
Roee Hay of IBM Security X-Force Research CVE-2016-8467, CVE-2017-0510
Sagi Kedmi of IBM Security X-Force Research CVE-2017-0433, CVE-2017-0510
Sahara of Secure Communications in DarkMatter CVE-2017-0528
salls (@chris_salls) of Shellphish Grill Team, UC Santa Barbara CVE-2017-0505, CVE-2017-13168
Scott Bauer (@ScottyBauer1) CVE-2016-10274, CVE-2017-0339, CVE-2017-0405, CVE-2017-0504, CVE-2017-0516, CVE-2017-0521, CVE-2017-0562, CVE-2017-0576, CVE-2017-0705, CVE-2017-0740, CVE-2017-8259, CVE-2017-8260, CVE-2017-9680, CVE-2017-11053, CVE-2017-13160
Sean Beaupre (@firewaterdevs) CVE-2016-8461, CVE-2016-8462, CVE-2017-0455
Seven Shen (@lingtongshen) of Trend Micro Mobile Threat Research Team CVE-2016-8418, CVE-2016-8466, CVE-2016-10231, CVE-2017-0449, CVE-2017-0452, CVE-2017-0578, CVE-2017-0586, CVE-2017-0724, CVE-2017-0772, CVE-2017-0780, CVE-2017-6247, CVE-2017-6248, CVE-2017-6249, CVE-2017-7369
Shinichi Matsumoto of Fujitsu CVE-2017-0498
Simon Chung of Georgia Tech CVE-2017-0860
Stéphane Marques of ByteRev CVE-2017-0489
Stephen Morrow CVE-2017-0389
Svetoslav Ganov of Google CVE-2017-0492
Tim Becker CVE-2017-0546
Timothy Becker of CSS Inc. CVE-2017-0667, CVE-2017-0732, CVE-2017-0805
Tong Lin of C0RE Team CVE-2016-8425, CVE-2016-8426, CVE-2016-8449, CVE-2016-8479, CVE-2016-8481, CVE-2016-10291, CVE-2017-0333, CVE-2017-0428, CVE-2017-0435, CVE-2017-0436, CVE-2017-10661
Uma Sankar Pradhan (@umasankar_iitd) CVE-2017-0560
Valerio Costamagna (@vaio_co) CVE-2017-0712
Vasily Vasiliev CVE-2017-0589, CVE-2017-0637, CVE-2017-0638, CVE-2017-0642, CVE-2017-0675, CVE-2017-0676, CVE-2017-0682, CVE-2017-0683, CVE-2017-0696, CVE-2017-0699, CVE-2017-0701, CVE-2017-0702, CVE-2017-0716, CVE-2017-0757
V.E.O (@VYSEa) of Mobile Threat Research Team, Trend Micro CVE-2017-0381, CVE-2017-0424, CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0587, CVE-2017-0590, CVE-2017-0600, CVE-2017-0640, CVE-2017-0674, CVE-2017-0677, CVE-2017-0679, CVE-2017-0680, CVE-2017-0685, CVE-2017-0686, CVE-2017-0689, CVE-2017-0693, CVE-2017-0695, CVE-2017-0713, CVE-2017-0715, CVE-2017-0750, CVE-2017-10662, CVE-2017-10663
wanchouchou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-0522
Weichao Sun (@sunblate) of Alibaba Inc. CVE-2017-0391, CVE-2017-0407, CVE-2017-0549, CVE-2017-0759
Wenjun Hu of Palo Alto Networks CVE-2017-0752
Wenke Lee of Georgia Tech CVE-2017-0860
Wenke Dou of C0RE Team CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0450, CVE-2017-0483, CVE-2017-0768, CVE-2017-0779, CVE-2017-0812, CVE-2017-0815, CVE-2017-0816
Wenlin Yang (@wenlin_yang) of Alpha Team, Qihoo 360 Technology Co. Ltd. CVE-2017-0577, CVE-2017-0580
Wish Wu (@wish_wu) (吴潍浠 此彼) of Ant-financial Light-Year Security Lab CVE-2017-0408, CVE-2017-0477, CVE-2017-11063, CVE-2017-11092
Wolfu (付敬贵) of Tencent Security Platform Department CVE-2017-0863, CVE-2017-11050, CVE-2017-11051, CVE-2017-11067, CVE-2017-11073, CVE-2017-11093
Xiangqian Zhang of Alibaba Mobile Security Group CVE-2017-0796, CVE-2017-0827
Xiao Zhang of Palo Alto Networks CVE-2017-0752
Xiaodong Wang of C0RE Team CVE-2017-0429, CVE-2017-0448
Xiling Gong of Tencent Security Platform Department CVE-2017-0597, CVE-2017-0708, CVE-2017-8236, CVE-2017-9690
Xingyuan Lin of 360 Marvel Team CVE-2017-0627, CVE-2017-13163
Xuxian Jiang of C0RE Team CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8449, CVE-2016-8435, CVE-2016-8479, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333, CVE-2017-0383, CVE-2017-0384, CVE-2017-0385, CVE-2017-0398, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402, CVE-2017-0417, CVE-2017-0418, CVE-2017-0425, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448, CVE-2017-0450, CVE-2017-0479, CVE-2017-0480, CVE-2017-0483, CVE-2017-0526, CVE-2017-0527, CVE-2017-0651, CVE-2017-0665, CVE-2017-0666, CVE-2017-0681, CVE-2017-0684, CVE-2017-0709, CVE-2017-0731, CVE-2017-0737, CVE-2017-0739, CVE-2017-0765, CVE-2017-0768, CVE-2017-0769, CVE-2017-0779, CVE-2017-0801, CVE-2017-7368, CVE-2017-8264, CVE-2017-10661
XTN CVE-2017-13165
Yan Zhou of Eagleye team, SCC, Huawei CVE-2017-9678
Yanfeng Wang of C0RE Team CVE-2016-8430, CVE-2016-8482
Yang Cheng of Xiaomi Inc. CVE-2016-10276
Yang Dai of Vulpecker Team, Qihoo 360 Technology Co. Ltd CVE-2017-0795, CVE-2017-0799, CVE-2017-0804, CVE-2017-0803, CVE-2017-6262, CVE-2017-6263, CVE-2017-6280
Yang Song of Alibaba Mobile Security Group CVE-2016-10280, CVE-2016-10281, CVE-2017-0463, CVE-2017-0506, CVE-2017-0565, CVE-2017-0711, CVE-2017-0741, CVE-2017-0742, CVE-2017-0751, CVE-2017-0796, CVE-2017-0798, CVE-2017-0800, CVE-2017-0827, CVE-2017-0842, CVE-2017-0843, CVE-2017-0864, CVE-2017-11000, CVE-2017-11059, CVE-2017-9703, CVE-2017-9708, CVE-2017-13170
Yanick Fratantonio (UC Santa Barbara, Shellphish Grill Team, EURECOM) CVE-2017-0860
Yangkang (@dnpushme) of Qex Team, Qihoo 360 CVE-2017-0647, CVE-2017-0690, CVE-2017-0753
Yao Jun of C0RE Team CVE-2016-8431, CVE-2016-8432, CVE-2016-8435, CVE-2016-8480
Yaoguang Chen of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室) CVE-2017-13171
Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc. CVE-2017-0404, CVE-2017-0588, CVE-2017-0842, CVE-2017-13164, CVE-2017-9708, CVE-2017-13170
Yonggang Guo (@guoygang) of IceSword Lab, Qihoo 360 Technology Co. Ltd. CVE-2016-10289, CVE-2017-0465, CVE-2017-0564, CVE-2017-0746, CVE-2017-0749, CVE-2017-7370, CVE-2017-8267, CVE-2017-8269, CVE-2017-8271, CVE-2017-8272, CVE-2017-11048, CVE-2017-12146
Yongke Wang of Tencent's Xuanwu Lab CVE-2017-0729, CVE-2017-0767, CVE-2017-0839, CVE-2017-0848
Dr. Yossi Oren of Ben Gurion University Cyber Lab CVE-2017-0650
Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd CVE-2016-10282, CVE-2017-0517, CVE-2017-0532, CVE-2017-0615, CVE-2017-0618, CVE-2017-0625, CVE-2017-0795, CVE-2017-0799, CVE-2017-0804, CVE-2017-0803, CVE-2017-6262, CVE-2017-6263, CVE-2017-6280
Yuan-Tsung Lo of C0RE Team CVE-2016-8425, CVE-2016-8426, CVE-2016-8430, CVE-2016-8431, CVE-2016-8432, CVE-2016-8435, CVE-2016-8449, CVE-2016-8479, CVE-2016-8480, CVE-2016-8481, CVE-2016-8482, CVE-2016-10291, CVE-2017-0326, CVE-2017-0333, CVE-2017-0428, CVE-2017-0429, CVE-2017-0435, CVE-2017-0436, CVE-2017-0444, CVE-2017-0448, CVE-2017-0526, CVE-2017-0527, CVE-2017-6264, CVE-2017-6274, CVE-2017-6275, CVE-2017-0651, CVE-2017-0709, CVE-2017-0824, CVE-2017-7368, CVE-2017-8264, CVE-2017-10661, CVE-2017-14903
Yuebin Sun of Tencent's Xuanwu Lab CVE-2017-0767, CVE-2017-0839, CVE-2017-0848
Yuqi Lu (@nikos233) of C0RE Team CVE-2017-0383, CVE-2017-0401, CVE-2017-0417, CVE-2017-0425, CVE-2017-0483
Yuxiang Li (@Xbalien29) of Tencent Security Platform Department CVE-2017-0395, CVE-2017-0669, CVE-2017-0704
Zach Riggle (@ebeip90) of the Android Security Team CVE-2017-0710
Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile CVE-2016-8451
Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd. CVE-2017-0758, CVE-2017-0760
Zhen Zhou (@henices) of NSFocus CVE-2017-0406
Zhi Xu of Palo Alto Networks CVE-2017-0752
Zhixin Li of NSFocus CVE-2017-0406
Zinuo Han from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. CVE-2017-0475, CVE-2017-0497, CVE-2017-0548, CVE-2017-0678, CVE-2017-0691, CVE-2017-0700, CVE-2017-0714, CVE-2017-0718, CVE-2017-0719, CVE-2017-0720, CVE-2017-0722, CVE-2017-0725, CVE-2017-0745, CVE-2017-0760, CVE-2017-0761, CVE-2017-0764, CVE-2017-0776, CVE-2017-0777, CVE-2017-0778, CVE-2017-0813, CVE-2017-0814, CVE-2017-0820, CVE-2017-0823, CVE-2017-0850, CVE-2017-0858, CVE-2017-0879
Zubin Mithra of Google CVE-2017-0462, CVE-2017-8241

Additional contributions

We would also like to acknowledge the contributions of the following individuals to Android security:

2016

Abhishek Arya of Google Chrome Security Team

Adam Donenfeld et al. of Check Point Software Technologies Ltd.

Adam Powell of Google

Alex Chapman of Context Information Security

Altaf Shaik of Security in Telecommunications

Andre Teixeira Rizzo

Andrea Biondo

Andrei Kapishnikov of Google

Andy Tyler (@ticarpi) of e2e-assure

Anestis Bechtsoudis (@anestisb) of CENSUS S.A.

Ao Wang (@ArayzSegment) of PKAV, Silence Information Technology

Askyshang of Security Platform Department, Tencent

Baozeng Ding of Alibaba Mobile Security Group

Ben Hawkes of Google Project Zero

Billy Lau of Android Security

Brad Ebinger of Google Telecom Team

Broadgate Team

Chad Brubaker of Android Security

Chao Yang of Alibaba Mobile Security Group

Chenfu Bao (包沉浮) of Baidu X-Lab

Chengming Yang of Alibaba Mobile Security Group

Chi Zhang of C0RE Team

Chiachih Wu (@chiachih_wu) of C0RE Team from Qihoo 360

Christian Seel

Christopher Tate of Google

Constantinos Patsakis of University of Piraeus

Cory Pruce of Carnegie Mellon University

Cristiano Giuffrida of Vrije Universiteit Amsterdam

Daniel Micay of Copperhead Security

David Benjamin of Google

David Riley of the Google Pixel C Team

Dawei Peng (Vinc3nt4H) of Alibaba Mobile Security Team

Di Shen (@returnsme) of KeenLab (@keen_lab), Tencent

Dianne Hackborn of Google

Dmitry Vyukov of Google Dynamic Tools team

Dominik Schürmann of Institute for Operating Systems and Computer Networks, TU Braunschweig

Dongdong She of UC Riverside

Dongkwan Kim (dkay@kaist.ac.kr) of System Security Lab, KAIST

dosomder

dragonltx of Alibaba mobile security team

DS

Dzmitry Lukyanenka (www.linkedin.com/in/dzima)

Ecular Xu (徐健) of Trend Micro

Efthimios Alepis of University of Piraeus

En He (@heeeeen4x) of MS509Team

Gal Beniamini (@laginimaineb, http://bits-please.blogspot.com)

jiayy

Gengming Liu (刘耕铭) (@dmxcsnsbh) of KeenLab, Tencent

George Piskas of École polytechnique fédérale de Lausanne

Giovanni Vigna of University of California, Santa Barbara

Greg Kaiser of Google Android Team

Guang Gong (龚广) (@oldfresher) of Qihoo 360 Technology Co. Ltd.

Hang Zhang of UC Riverside

Hanxiang Wen of C0RE Team

Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd.

Hao Qin of Security Research Lab, Cheetah Mobile

Herbert Bos of Vrije Universiteit Amsterdam

Hongil Kim (hongilk@kaist.ac.kr) of System Security Lab, KAIST

Imre Rad of Search-Lab Ltd.

Iwo Banas

Jake Valletta of Mandiant, a FireEye company

James Forshaw of Google Project Zero

Jann Horn (https://thejh.net)

Jason Rogena

Jeremy C. Joslin of Google

jfang of KEEN lab, Tencent (@K33nTeam)

Jianqiang Zhao (@jianqiangzhao) of IceSword Lab, Qihoo 360

Joshua Drake (@jduck)

Jouni Malinen PGP id EFC895FA

Kai Lu (@K3vinLuSec) of Fortinet's FortiGuard Labs

Kandala Shivaram reddy

Kaveh Razavi of Vrije Universiteit Amsterdam

Kenny Root of Google

Lee Campbell of Google

Lubo Zhang of C0RE Team

Maciej Szawłowski of the Google Security Team

Madhu Priya Murugan of CISPA, Saarland University

Makoto Onuki of Google

Marco Grassi (@marcograss) of KeenLab (@keen_lab), Tencent

Marco Nelissen of Google

Mark Brand of Google Project Zero

Mark Renouf of Google

Martin Barbella of Google Chrome Security Team

Martina Lindorfer of University of California, Santa Barbara

Max Spector of Google

MengLuo Gou (@idhyt3r) of Bottle Tech

Michał Bednarski ( github.com/michalbednarski)

Mike Maarse

Min Chong of Android Security

Mingjian Zhou (@Mingjian_Zhou) of C0RE Team, Qihoo 360

Miriam Gershenson of Google

Nancy Wang of Vertu Corporation LTD

Nasim Zamir

Nathan Crandall (@natecray) of Tesla Motors Product Security Team

Nico Golde (@iamnion) of Qualcomm Product Security Initiative

Nightwatch Cybersecurity Research (@nightwatchcyber)

Ning You of Alibaba Mobile Security Group

Oleksiy Vyalov of Google

Oliver Chang of Google Chrome Security Team

Paul Stone of Context Information Security

Peng Xiao of Alibaba Mobile Security Group

Pengfei Ding (丁鹏飞) of Baidu X-Lab

Peter Pi (@heisecode) of Trend Micro

pjf of IceSword Lab, Qihoo 360

Quan Nguyen of Google Information Security Engineer Team

Qianwei Hu (rayxcp@gmail.com) of WooYun TangLab

Qidan He (@Flanker_hqd) of KeenLab (@keen_lab), Tencent

Richard Shupak

Ricky Wai of Google

Robin Lee of Google

Roee Hay, IBM Security X-Force Researcher

Roeland Krak

Romain Trouvé of MWR Labs

Ronald L. Loor Vargas (@loor_rlv) of TEAM Lv51

Sagi Kedmi, IBM Security X-Force Researcher

Samuel Tan of Google

Santos Cordon of Google Telecom Team

Scott Bauer (@ScottyBauer1)

Sen Nie (@nforest_) of KEEN lab, Tencent (@K33nTeam)

Sergey Bobrov (@Black2Fan) of Kaspersky Lab

Seven Shen (@lingtongshen) of Trend Micro (www.trendmicro.com)

Sharvil Nanavati of Google

Shinjo Park (@ad_ili_rai) of Security in Telecommunications

Stuart Henderson

Su Mon Kywe of Singapore Management University

Tao (Lenx) Wei (韦韬) of Baidu X-Lab

Thom Does

Tieyan Li of Huawei

Tim Strazzere (@timstrazz) of SentinelOne / RedNaga

Tom Craig of Google X

Tom Rootjunky

Tong Lin of C0RE Team

Tongxin Li of Peking University

trotmaster (@trotmaster99)

Vasily Vasilev

Victor Chang of Google

Victor van der Veen of Vrije Universiteit Amsterdam

Vignesh Venkatasubramanian of Google

Vishwath Mohan of Android Security

Wei Wei (@Danny__Wei) of Xuanwu LAB, Tencent

Weichao Sun (@sunblate) of Alibaba Inc

Wen Niu (@NWMonster) of KeenLab (@keen_lab), Tencent

Wenke Dou of C0RE Team

Wenlin Yang of Alpha Team, Qihoo 360 Technology Co. Ltd.

William Roberts ( william.c.roberts@intel.com)

Wish Wu (@wish_wu) (吴潍浠) of Mobile Threat Response Team, Trend Micro Inc.

Xiaodong Wang of C0RE Team

Xiaofeng Wang of Indiana University Bloomington

Xiling Gong of Tencent Security Platform Department

Xingyu He (何星宇) (@Spid3r_) of Alibaba Inc

Xinhui Han of Peking University

Xuxian Jiang of C0RE Team, Qihoo 360

Yabin Cui from Android Bionic Team

Yacong Gu of TCA Lab, Institute of Software, Chinese Academy of Sciences

Yakov Shafranovich of Nightwatch Cybersecurity

Yang Dong of Alibaba Mobile Security Group

Yang Song of Alibaba Mobile Security Group

Yanick Fratantonio of University of California, Santa Barbara

Yao Jun of C0RE Team

Yeonjoon Lee of Indiana University Bloomington

Yi Zhang of Alibaba Mobile Security Group

Yingjiu Li of Singapore Management University

Yong Shi of Eagleye team, SCC, Huawei

Yong Wang (王勇) (@ThomasKing2014) of Alibaba Inc.

Yongke Wang (@Rudykewang) of Xuanwu LAB, Tencent

Yongzheng Wu of Huawei

Yuan-Tsung Lo (computernik@gmail.com) of C0RE Team

Yulong Zhang of Baidu X-Lab

Yuru Shao of University of Michigan Ann Arbor

Yuxiang Li (@Xbalien29) of Tencent Security Platform Department

Zach Riggle (@ebeip90) of the Android Security Team

Zhanpeng Zhao (行之) (@0xr0ot) of Security Research Lab, Cheetah Mobile

Zhe Jin (金哲) of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.

Zhiyun Qian of UC Riverside

Zinuo Han of PKAV, Silence Information Technology

Zubin Mithra of Google

2015

Abhishek Arya, Google Chrome Security Team

Alex Copot

Alex Eubanks

Alexandru Blanda

Arne Swinnen (www.arneswinnen.net)

Artem Chaykin

Ben Hawkes

Brennan Lautner

Chiachih Wu of C0RE Team from Qihoo 360

Darmstadt (siegfried.rasthofer@gmail.com)

Daniel Micay (daniel.micay@copperhead.co) at Copperhead Security

Dongkwan Kim of System Security Lab, KAIST (dkay@kaist.ac.kr)

dragonltx of Alibaba Mobile Security Team

Gal Beniamini ( http://bits-please.blogspot.com)

Guang Gong (龚广) (@oldfresher, higongguang@gmail.com) of Qihoo 360 Technology Co.Ltd

Hongil Kim of System Security Lab, KAIST (hongilk@kaist.ac.kr)

Ian Beer of Google Project Zero

Iván Arce (@4Dgifts) of Programa STIC at Fundación Dr. Manuel Sadosky, Buenos Aires Argentina

Jack Tang of Trend Micro (@jacktang310)

jgor of The University of Texas at Austin (@indiecom)

Joaquín Rinaudo (@xeroxnir) of Programa STIC at Fundación Dr. Manuel Sadosky, Buenos Aires Argentina

Jordan Gruskovnjak of Exodus Intelligence (@jgrusko)

Joshua Drake of Zimperium

Lei Wu of C0RE Team from Qihoo 360

Marco Grassi (@marcograss) of KeenTeam (@K33nTeam)

Mark Carter (@hanpingchinese) of EmberMitre Ltd

Martin Barbella, Google Chrome Security Team

Michael Peck of The MITRE Corporation (mpeck@mitre.org)

Michał Bednarski ( https://github.com/michalbednarski)

Michael Roland of JR-Center u'smile at University of Applied Scienses, Upper Austria/Hagenberg

Natalie Silvanovich of Google Project Zero

Oliver Chang, Google Chrome Security Team

Peter Pi of Trend Micro

Ping Li of Qihoo 360 Technology Co. Ltd

Qidan He (@flanker_hqd) from KeenTeam (@K33nTeam, http://k33nteam.org/)

Roee Hay and Or Peles

Seven Shen of Trend Micro

Siegfried Rasthofer of Secure Software Engineering Group, EC SPRIDE Technische Universität

Stephan Huber of Testlab Mobile Security, F raunhofer SIT (Stephan.Huber@sit.fraunhofer.de)

Steven Vittitoe of Google Project Zero

Tony Beltramelli (@Tbeltramelli) of tonybeltramelli.com

Tzu-Yin (Nina) Tai

Wangtao(neobyte) of Baidu X-Team

Wen Xu (@antlr7) from KeenTeam (@K33nTeam, http://k33nteam.org/)

William Roberts ( william.c.roberts@intel.com)

Wish Wu of Trend Micro Inc. (@wish_wu)

Xuxian Jiang of C0RE Team from Qihoo 360

Yajin Zhou of C0RE Team from Qihoo 360

2014

Aaron Mangel of Banno (amangel@gmail.com)

Alex Park (@saintlinu)

Alexandru Gheorghita

Andrey Labunets of Facebook

Ange Albertini (@angealbertini)

Axelle Apvrille of Fortinet, FortiGuards Labs

Dan Amodio of Aspect Security (@DanAmodio)

David Murdoch

Henry Hoggard of MWR Labs (@HenryHoggard)

Imre Rad of Search-Lab Ltd.

Jann Horn Green Droid Patch Symbol

Jeff Forristal of Bluebox Security

Joseph Redfern of MWR Labs
(@JosephRedfern)

Kunal Patel of Samsung KNOX Security Team (kunal.patel1@samsung.com)

Luander Michel Ribeiro (@luanderock)

Luyi Xing of Indiana University Bloomington (xingluyi@gmail.com)

Marc Blanchou (@marcblanchou)

Mathew Solnik (@msolnik)

Michał Bednarski

Raimondas Sasnauskas of University of Utah

Robert Craig of Trusted Systems Research Group, US National Security Agency Patch Symbol

Samsung Mobile

Scotty Bauer of University of Utah (sbauer@eng.utah.edu)

Sebastian Brenza

Siegfried Rasthofer of Secure Software Engineering Group, EC SPRIDE Technische Universität Darmstadt (siegfried.rasthofer@gmail.com)

Sony Mobile

Stephan Huber of Testlab Mobile Security, Fraunhofer SIT (Stephan.Huber@sit.fraunhofer.de)

Stephen Smalley of Trusted Systems Research Group, US National Security Agency Patch Symbol

Steven Arzt of Secure Software Engineering Group, EC SPRIDE Technische Universität Darmstadt (Steven.Arzt@ec-spride.de)

Subodh Iyengar of Facebook

Tongxin Li of Peking University (litongxin1991@gmail.com)

Tony Trummer of The Men in the Middle
(@SecBro1)

Tushar Dalvi (@tushardalvi)

Valera Neronov

Wang Tao of Baidu X-Team (wintao@gmail.com)

Wang Yu of Baidu X-Team (@xi4oyu)

Will Shackleton of Facebook

William Roberts (bill.c.roberts@gmail.com) Patch Symbol

Xiaofeng Wang of Indiana University Bloomington (xw7@indiana.edu)

Xiaoyong Zhou of Indiana University Bloomington
(@xzhou, zhou.xiaoyong@gmail.com)

Xinhui Han of Peking University (hanxinhui@pku.edu.cn)

Yeonjoon Lee of Indiana University Bloomington (luc2yj@gmail.com)

Yu-Cheng Lin 林禹成 (@AndroBugs)

Zhang Dong Hui of Baidu X-Team (shineastdh)

2013

Ivaylo Marinkov of eCommera (ivo@tsarstva.bg)

Jon Sawyer of Applied Cybersecurity LLC (jon@cunninglogic.com)

Joshua J. Drake of Accuvant LABS (@jduck) Patch Rewards Symbol

Kan Yuan

Lucas Yang (amadoh4ck) of RaonSecurity (amadoh4ck@gmail.com)

Luyi Xing of Indiana University Bloomington (xingluyi@gmail.com)

Mike Ryan of iSEC Partners
(@mpeg4codec, mikeryan@isecpartners.com )

Muhammad Naveed of University of Illinois at Urbana-Champaign
(naveed2@illinois.edu)

Qualcomm Product Security Initiative

Roee Hay (@roeehay, roeehay@gmail.com)

Robert Craig of Trusted Systems Research Group, US National Security Agency Patch Symbol

Ruben Santamarta of IOActive (@reversemode)

Stephen Smalley of Trusted Systems Research Group, US National Security Agency Patch Symbol

William Roberts (bill.c.roberts@gmail.com) Patch Symbol

Xiaorui Pan of Indiana University Bloomington (eagle200467@gmail.com)

XiaoFeng Wang of Indiana University Bloomington (xw7@indiana.edu)

2012

David Weinstein (@insitusec) of viaForensics

Jann Horn

Ravishankar Borgaonkari (@raviborgaonkar) of TU Berlin

Robert Craig of Trusted Systems Research Group, US National Security Agency Patch Symbol

Roee Hay (@roeehay, roeehay@gmail.com)

Stephen Smalley of Trusted Systems Research Group, US National Security Agency Patch Symbol

William Roberts (bill.c.roberts@gmail.com) Patch Symbol

2011

Collin Mulliner of MUlliNER.ORG (@collinrm)

2009

Charlie Miller (@0xcharlie)

Collin Mulliner of MUlliNER.ORG (@collinrm)