[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-70842":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":23,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},70842,"oss-fuzz","google\u002Foss-fuzz","google","OSS-Fuzz - continuous fuzzing for open source software.","https:\u002F\u002Fgoogle.github.io\u002Foss-fuzz",null,"Shell",12326,2781,242,284,0,9,23,96,27,45,"Apache License 2.0",false,"master",true,[27,28,5,29,30,31],"fuzz-testing","fuzzing","security","stability","vulnerabilities","2026-06-12 02:02:44","# OSS-Fuzz: Continuous Fuzzing for Open Source Software\n\n[Fuzz testing] is a well-known technique for uncovering programming errors in\nsoftware. Many of these detectable errors, like [buffer overflow], can have\nserious security implications. Google has found [thousands] of security\nvulnerabilities and stability bugs by deploying [guided in-process fuzzing of\nChrome components], and we now want to share that service with the open source\ncommunity.\n\n[Fuzz testing]: https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FFuzz_testing\n[buffer overflow]: https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FBuffer_overflow\n[thousands]: https:\u002F\u002Fissues.chromium.org\u002Fissues?q=label:Stability-LibFuzzer%20-status:Duplicate,WontFix\n[guided in-process fuzzing of Chrome components]: https:\u002F\u002Fsecurity.googleblog.com\u002F2016\u002F08\u002Fguided-in-process-fuzzing-of-chrome.html\n\nIn cooperation with the [Core Infrastructure Initiative] and the [OpenSSF],\nOSS-Fuzz aims to make common open source software more secure and stable by\ncombining modern fuzzing techniques with scalable, distributed execution.\nProjects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own\ninstances of [ClusterFuzz] or [ClusterFuzzLite].\n\n[Core Infrastructure Initiative]: https:\u002F\u002Fwww.coreinfrastructure.org\u002F\n[OpenSSF]: https:\u002F\u002Fwww.openssf.org\u002F\n\nWe support the [libFuzzer], [AFL++], and [Honggfuzz] fuzzing engines in\ncombination with [Sanitizers], as well as [ClusterFuzz], a distributed fuzzer\nexecution environment and reporting tool.\n\n[libFuzzer]: https:\u002F\u002Fllvm.org\u002Fdocs\u002FLibFuzzer.html\n[AFL++]: https:\u002F\u002Fgithub.com\u002FAFLplusplus\u002FAFLplusplus\n[Honggfuzz]: https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fhonggfuzz\n[Sanitizers]: https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fsanitizers\n[ClusterFuzz]: https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fclusterfuzz\n[ClusterFuzzLite]: https:\u002F\u002Fgoogle.github.io\u002Fclusterfuzzlite\u002F\n\nCurrently, OSS-Fuzz supports C\u002FC++, Rust, Go, Python, Java\u002FJVM, JavaScript and Lua code. Other languages\nsupported by [LLVM] may work too. OSS-Fuzz supports fuzzing x86_64 and i386\nbuilds.\n\n[LLVM]: https:\u002F\u002Fllvm.org\n\n## Overview\n![OSS-Fuzz process diagram](docs\u002Fimages\u002Fprocess.png)\n\n## Documentation\nRead our [detailed documentation] to learn how to use OSS-Fuzz.\n\n[detailed documentation]: https:\u002F\u002Fgoogle.github.io\u002Foss-fuzz\n\n## Trophies\nAs of May 2025, OSS-Fuzz has helped identify and fix over 13,000 vulnerabilities and 50,000 bugs across [1,000] projects.\n\n[1,000]: https:\u002F\u002Fgithub.com\u002Fgoogle\u002Foss-fuzz\u002Ftree\u002Fmaster\u002Fprojects\n\n## Blog posts\n* 2024-11-20 - [Leveling Up Fuzzing: Finding more vulnerabilities with AI]\n* 2023-08-16 - [AI-Powered Fuzzing: Breaking the Bug Hunting Barrier]\n* 2023-02-01 - [Taking the next step: OSS-Fuzz in 2023]\n* 2022-09-08 - [Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically]\n* 2021-12-16 - [Improving OSS-Fuzz and Jazzer to catch Log4Shell]\n* 2021-03-10 - [Fuzzing Java in OSS-Fuzz]\n* 2020-12-07 - [Improving open source security during the Google summer internship program]\n* 2020-10-09 - [Fuzzing internships for Open Source Software]\n* 2018-11-06 - [A New Chapter for OSS-Fuzz]\n* 2017-05-08 - [OSS-Fuzz: Five months later, and rewarding projects]\n* 2016-12-01 - [Announcing OSS-Fuzz: Continuous fuzzing for open source software]\n\n[Leveling Up Fuzzing: Finding more vulnerabilities with AI]: https:\u002F\u002Fsecurity.googleblog.com\u002F2024\u002F11\u002Fleveling-up-fuzzing-finding-more.html\n[AI-Powered Fuzzing: Breaking the Bug Hunting Barrier]: https:\u002F\u002Fsecurity.googleblog.com\u002F2023\u002F08\u002Fai-powered-fuzzing-breaking-bug-hunting.html\n[Announcing OSS-Fuzz: Continuous fuzzing for open source software]: https:\u002F\u002Fopensource.googleblog.com\u002F2016\u002F12\u002Fannouncing-oss-fuzz-continuous-fuzzing.html\n[OSS-Fuzz: Five months later, and rewarding projects]: https:\u002F\u002Fopensource.googleblog.com\u002F2017\u002F05\u002Foss-fuzz-five-months-later-and.html\n[A New Chapter for OSS-Fuzz]: https:\u002F\u002Fsecurity.googleblog.com\u002F2018\u002F11\u002Fa-new-chapter-for-oss-fuzz.html\n[Fuzzing internships for Open Source Software]: https:\u002F\u002Fsecurity.googleblog.com\u002F2020\u002F10\u002Ffuzzing-internships-for-open-source.html\n[Improving open source security during the Google summer internship program]: https:\u002F\u002Fsecurity.googleblog.com\u002F2020\u002F12\u002Fimproving-open-source-security-during.html\n[Fuzzing Java in OSS-Fuzz]: https:\u002F\u002Fsecurity.googleblog.com\u002F2021\u002F03\u002Ffuzzing-java-in-oss-fuzz.html\n[Improving OSS-Fuzz and Jazzer to catch Log4Shell]: https:\u002F\u002Fsecurity.googleblog.com\u002F2021\u002F12\u002Fimproving-oss-fuzz-and-jazzer-to-catch.html\n[Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically]: https:\u002F\u002Fsecurity.googleblog.com\u002F2022\u002F09\u002Ffuzzing-beyond-memory-corruption.html\n[Taking the next step: OSS-Fuzz in 2023]: https:\u002F\u002Fsecurity.googleblog.com\u002F2023\u002F02\u002Ftaking-next-step-oss-fuzz-in-2023.html\n","OSS-Fuzz 是一个为开源软件提供持续模糊测试的项目。它利用现代模糊测试技术，结合可扩展的分布式执行环境，帮助发现并修复软件中的安全漏洞和稳定性问题。该项目支持多种编程语言（如 C\u002FC++、Rust、Go、Python 等）以及不同的模糊测试引擎（如 libFuzzer、AFL++ 和 Honggfuzz），并通过 Sanitizers 提高检测精度。OSS-Fuzz 适用于希望增强其代码安全性和稳定性的开源项目，特别是在需要长期维护和频繁更新的应用场景中。",2,"2026-06-11 03:34:30","high_star"]