Cybersecurity Research Center (CyRC)

CyRC's mission is to advance the state of software security through research, innovation, and evangelism. CyRC leverages Black Duck’s expertise, technology, and resources to conduct high-quality primary and secondary software security research, and publishes its findings for the benefit of the broader security, developer, and DevSecOps communities.

Operating within the greater Black Duck mission of building trust in the software that powers our lives, CyRC helps increase awareness of issues by publishing research supporting strong cybersecurity practices.

CyRC leverages core expertise present in our global software security teams. Our expertise spans static code analysis, software composition analysis, dynamic analysis, fuzzing, interactive application security testing, open source development, and production deployment. With software at the heart of modern life—from wearable devices and home automation to blockchain, mobile applications, and automotive technologies—access to actionable security information must flow at the pace of innovation.

Download CyRC research reports

To help organizations develop secure, high-quality software, the CyRC team publishes research that supports strong cybersecurity practices. Check out some of the latest research.

Vulnerabilities discovered and disclosed by CyRC

| CVE | BDSA | Product | Researcher | Tool | References | Notes |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-32353 | | iTunes | Zeeshan Shaikh | | Black Duck advisory | |
| CVE-2023-25827 | | OpenTSDB | Jamie Harris | | Black Duck advisory | |
| CVE-2023-25826 | | OpenTSDB | Jamie Harris | | Black Duck advisory | |
| CVE-2023-25828 | | Pluck CMS | Matthew Hogg | | Black Duck advisory | |
| CVE-2023-23846 | BDSA-2023-0197 | Open5GS | Tommi Maekilae, Qiang Li | Defensics | Black Duck advisory | |
| CVE-2022-45477 | | Telepad | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45478 | | Telepad | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45479 | | PC Keyboard | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45480 | | PC Keyboard | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45481 | | Lazy Mouse | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45482 | | Lazy Mouse | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-45483 | | Lazy Mouse | Mohamed Alshehri | | Black Duck advisory | |
| CVE-2022-43945 | BDSA-2022-3119 | Linux kernel NFSD | Aleksi Illikainen, Kari Hulkko | Defensics | Black Duck advisory | |
| CVE-2022-39065 | | IKEA TRÅDFRI gateway | Kari Hulkko, Tuomo Untinen | Defensics | Black Duck advisory | |
| CVE-2022-39064 | | IKEA TRÅDFRI smart bulb | Kari Hulkko, Tuomo Untinen | Defensics | Black Duck advisory | |
| CVE-2022-39063 | BDSA-2022-2568 | Open5GS | Qiang Li | Defensics | Black Duck advisory | |
| CVE-2022-27535 | | Kaspersky VPN Secure Connection | Zeeshan Shaikh | | Black Duck advisory | |
| CVE-2022-30617 | BDSA-2022-1351 | Strapi | David Johansson | | Black Duck advisory | |
| CVE-2022-30618 | BDSA-2022-1359 | Strapi | David Johansson | | Black Duck advisory | |
| CVE-2022-24814 | BDSA-2022-0959 | Directus | David Johansson | | Black Duck advisory | |
| CVE-2021-43175 | BDSA-2021-3657 | GOautodial goAPI | Scott Tolley | Seeker | Black Duck advisory | |
| CVE-2021-43176 | BDSA-2021-3656 | GOautodial goAPI | Scott Tolley | Seeker | Black Duck advisory | |
| CVE-2021-33177 | BDSA-2021-2845 | Nagios XI | Scott Tolley | Seeker | Black Duck advisory | |
| CVE-2021-33179 | BDSA-2021-2847 | Nagios XI | Scott Tolley | Seeker | Black Duck advisory | |
| CVE-2021-33178 | BDSA-2021-2846 | Nagios XI | Scott Tolley | Seeker | Black Duck advisory | |
| CVE-2021-22116 | BDSA-2021-1329 | RabbitMQ | Jonathan Knudsen | Defensics | Black Duck advisory | |
| CVE-2021-33175 | BDSA-2021-1608 | EMQ X | Jonathan Knudsen | Defensics | Black Duck advisory | |
| CVE-2021-33176 | BDSA-2021-1609 | VerneMQ | Jonathan Knudsen | Defensics | Black Duck advisory | |
| CVE-2021-3430 | BDSA-2021-1716 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3431 | BDSA-2021-1718 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3432 | BDSA-2021-1727 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3433 | BDSA-2021-1734 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3434 | BDSA-2021-1737 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3435 | BDSA-2021-1757 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3454 | BDSA-2021-1761 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2021-3455 | BDSA-2021-1762 | Zephyr Project | Matias Karhumaa | Defensics | Black Duck advisory | |
| CVE-2020-7958 | | OnePlus 7 | Georgi Boiko, Artem Gonchar, Andrew Lee-Thorp | Defensics | Black Duck advisory | |
| CVE-2020-28052 | BDSA-2020-3371 | BouncyCastle | Tero Rontti, Matti Varanka | Defensics | Black Duck advisory | |
| CVE-2020-27223 | BDSA-2020-4221 | Jetty | Tero Rontti, Matti Varanka | Defensics | Black Duck advisory; Jetty advisory | |
| CVE-2019-18989 | BDSA-2020-2548 | Mediatek MT7620N chipset | Kari Hulkko, Tuomo Untinen | Defensics | Black Duck advisory | |
| CVE-2019-18990 | BDSA-2020-2549 | Realtek RTL8812AR chipset | Kari Hulkko, Tuomo Untinen | Defensics | Black Duck advisory | |
| CVE-2019-18991 | BDSA-2020-2550 | Atheros (Qualcomm) AR9132 chipset | Kari Hulkko, Tuomo Untinen | Defensics | Black Duck advisory | |
| CVE-2018-18907 | | D-Link DIR-850L | Tuomo Untinen | Defensics | D-Link advisory; Black Duck advisory; FI-NCSC advisory | |
| CVE-2017-2420 | | Apple macOS | Matias Karhumaa, Marko Laakso, Pekka Oikarainen | Defensics | Apple advisory | |
| CVE-2017-7645 | BDSA-2017-1139 | Linux kernel NFS | Tuomas Haanpaa, Matti Kamunen | Defensics | RedHat advisory; Debian advisory | |
| CVE-2017-7895 | BDSA-2017-0353 | Linux kernel NFS | Ari Kauppi | Defensics | RedHat advisory; Debian advisory | |
| CVE-2017-8797 | BDSA-2017-0246 | Linux kernel NFS | | Defensics | RedHat advisory | |
| CVE-2016-7596 | | Apple macOS | Matias Karhumaa, Marko Laakso, Pekka Oikarainen | Defensics | Apple advisory | |
| CVE-2015-1182 | | PolarSSL | | Defensics | PolarSSL advisory | |
| CVE-2015-5370 | | Samba | Jouni Knuutinen | Defensics | Samba advisory | |
| CVE-2014-8275 | BDSA-2021-1608 | OpenSSL | Antti Karjalainen, Tuomo Untinen | Defensics | OpenSSL advisory | |
| CVE-2014-5139 | BDSA-2021-1608 | OpenSSL | Riku Hietamäki, Joonas Kuorilehto | Defensics | OpenSSL advisory | |
| CVE-2014-4911 | | PolarSSL | | Defensics | PolarSSL security advisory | |
| CVE-2014-5139 | | OpenSSL | Riku Hietamäki, Joonas Kuorilehto | Defensics | FICORA advisory | |
| CVE-2014-3466 | | GnuTLS | Joonas Kuorilehto | Defensics | GnuTLS advisory; Radare blog | |
| CVE-2014-3859 | | GnuTLS | | Defensics | ISC advisory; SCIP advisory | |
| CVE-2014-0160 | BDSA-2014-0028 | OpenSSL | Riku Hietamäki, Matti Kamunen, Antti Karjalainen | Defensics | heartbleed.com; NCSC-FI advisory | Heartbleed |
| CVE-2014-0101 | | Linux kernel | | Defensics | RedHat advisory; RedHat issue | |
| CVE-2014-1316 | | Apple OS X | | Defensics | Apple advisory | |
| CVE-2014-1266 | | Apple iOS | | Defensics | Apple advisory; Black Duck advisory; iMore article | "goto fail" |
| CVE-2013-3748 | | Oracle | Joonas Kuorilehto | Defensics | Oracle advisory | |
| CVE-2013-5140 | | Apple iOS | Joonas Kuorilehto | Defensics | Black Duck advisory | |
| CVE-2012-3570 | BDSA-2021-3657 | ISC DHCP | | Defensics | CERT-FI advisory; ISC advisory | |
| CVE-2012-3571 | BDSA-2021-3656 | ISC DHCP | | Defensics | ISC advisory | |
| CVE-2012-2388 | | strongSwan | | Defensics | CERT-FI advisory | |
| CVE-2012-2333 | | OpenSSL | | Defensics | CERT-FI advisory | |
| CVE-2012-0256 | BDSA-2021-1609 | Apache Traffic Server | | Defensics | CERT-FI advisory | |
| CVE-2012-0259 | | ImageMagick | Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa, Lasse Ylivainio | Defensics | CERT-FI advisory | |
| CVE-2012-0260 | | ImageMagick | Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa, Lasse Ylivainio | Defensics | CERT-FI advisory | |
| CVE-2012-1798 | | ImageMagick | Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa, Lasse Ylivainio | Defensics | CERT-FI advisory | |
| CVE-2012-0247 | | ImageMagick | Aleksis Kauppinen, Joonas Kuorilehto | Defensics | CERT-FI advisory | |
| CVE-2012-0248 | | ImageMagick | Aleksis Kauppinen, Joonas Kuorilehto | Defensics | CERT-FI advisory | |
| CVE-2011-3334 | | bluez | Tommi Mäkilä, Jukka Taimisto | Defensics | CERT-FI advisory | |
| CVE-2011-3323 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory | |
| CVE-2011-3324 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory | |
| CVE-2011-3325 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory | |
| CVE-2011-3326 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory | |
| CVE-2011-3327 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory | |
| CVE-2010-2948 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory; Quagga 0.99.17 release note | |
| CVE-2010-2949 | | Quagga BGP and OSPF | Riku Hietamäki, Jukka Taimisto, Tuomo Untinen | Defensics | CERT-FI advisory; Quagga 0.99.17 release note | |
| CVE-2010-2552 | | Microsoft SMB | Riku Hietamäki, Joshua Morin | Defensics | Microsoft advisory; Microsoft security summary | |
| CVE-2010-0211 | | OpenLDAP | Ilkka Mattila, Tuomas Salomäki | Defensics | CERT-FI advisory | |
| CVE-2010-0212 | | OpenLDAP | Ilkka Mattila, Tuomas Salomäki | Defensics | CERT-FI advisory | |
| CVE-2010-1173 | | Linux Kernel SCTP | Jukka Taimisto, Olli Jarva | Defensics | CERT-FI advisory | |
| CVE-2010-0101 | | Lexmark printers | | Defensics | Lexmark advisory; Lexmark advisory (2) | CVE-2004-0079 (Regression) |
| CVE-2010-0020 | | Microsoft SMB | Joshua Morin | Defensics | Microsoft advisory | |
| CVE-2010-0006 | | Linux Kernel | Olli Jarva, Tuomo Untinen | Defensics | CERT-FI advisory | CVE-2007-4567 (Regression) |
| CVE-2009-3720 | | libexpat | | Defensics | CERT-FI Advisory | Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc. |
| CVE-2009-1885 | | Apache Xerces C++ | | Defensics | CERT-FI Advisory | Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc. |
| CVE-2009-2414 | | libxml2 | | | | Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc. |
| CVE-2009-2416 | | libxml2 | | | | Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc. |
| CVE-2009-2625 | | Apache Xerces2 Java | | | | Affected (at least): Python Expat, Xerces C++, Libxml2, Sun Java, Xerces Java, OpenJDK, Apple, Google, OpenOffice, Sun StarOffice, Sun StarSuite, Oracle, VMware, etc. |
| CVE-2009-2621 | | Squid | | Defensics | Squid advisory | |
| CVE-2009-2622 | | Squid | | Defensics | Squid advisory | |
| CVE-2009-0478 | | Squid | | Defensics | Squid advisory | |
| CVE-2008-0891 | | OpenSSL | | Defensics | CERT-FI advisory; OpenSSL advisory | |
| CVE-2008-1948 | | GnuTLS | Ossi Herrala, Jukka Taimisto | Defensics | CERT-FI advisory; GnuTLS update; GnuTLS second update | |
| CVE-2008-1949 | | GnuTLS | Ossi Herrala, Jukka Taimisto | Defensics | CERT-FI advisory; GnuTLS update; GnuTLS second update | |
| CVE-2008-1950 | | GnuTLS | Ossi Herrala, Jukka Taimisto | Defensics | CERT-FI advisory; GnuTLS update; GnuTLS second update | |
| CVE-2008-2464 | | NetBSD | | Defensics | CERT-FI advisory; NetBSD advisory | |
| CVE-2008-4038 | | Microsoft SMB | | Defensics | Microsoft advisory | |
| | | OpenGGSN | | Defensics | VTT advisory; Bug#446219 | |
| CVE-2005-1211 | | Microsoft image libraries | | Defensics | Microsoft advisory | |
| CVE-2004-0081 | | OpenSSL | | Defensics | Red Hat advisory | |
| CVE-2004-0786 | | Apache | | Defensics | Red Hat advisory | |