Xavier René-Corail

Sr. Dir, Security Research. Open Source Security at GitHub. I lead the GitHub Security Lab, empowering open source maintainers and developers to ship secure software.

Posts by this author

Supply chain security

Our plan for a more secure npm supply chain

Addressing a surge in package registry attacks, GitHub is strengthening npm’s security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.

Xavier René-CorailSeptember 22, 2025

Vulnerability research
The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects
The GitHub Security Lab audits open source projects for security vulnerabilities and helps maintainers fix them. Recently, we passed the milestone of 500 CVEs disclosed. Let’s take a trip down memory lane with a review of some noteworthy CVEs!Xavier René-CorailSeptember 21, 2023
Learn more
Application security
How the community powers GitHub Advanced Security with CodeQL queries
The GitHub Security Lab’s CodeQL bounty program fuels GitHub Advanced Security with queries written by the open source community.Xavier René-CorailJanuary 5, 2022
Learn more