Anonymous GitHub user publishes a trove of claimed zero-day exploit PoCs affecting major open source and security tools

An anonymous GitHub account has released a repository containing dozens of claimed exploit proofs of concept for projects including 7-Zip, Docker, FFmpeg, Firefox, Ghidra, ImageMagick, OpenVPN, VLC, and others. The repository’s note says the dump was incomplete when published, suggesting some findings may be unreliable while others could represent undisclosed vulnerabilities.

Mass public drops of alleged zero-days compress the window for vendors to verify, patch, and coordinate disclosure, while giving defenders and attackers access to the same technical clues. Even if some claims are weak, the breadth of affected software highlights the growing risk of uncoordinated disclosure across widely used open source and infrastructure tools.