Share
## https://sploitus.com/exploit?id=A8578693-44FE-5CCB-946F-BF0F58E5EE5E
# neo-pocs

Containerized proof-of-concept packages for reviewed high and critical GitHub Security Advisories affecting high-impact open-source projects.

This repository is maintained as an append-only research artifact store. Each processed vulnerability lives in a year bucket and is named by CVE ID. If an advisory does not yet have a CVE, use the GHSA ID until the CVE is assigned, then rename the directory in a follow-up commit.

## Repository Index

Total PoC count: 0

| Year | CVE | Package | Severity | Summary |
| --- | --- | --- | --- | --- |
| - | - | - | - | No PoCs have been published yet. |

## Directory Contract

```text
20YY/
โ””โ”€โ”€ CVE-YYYY-NNNNN/
    โ”œโ”€โ”€ ANALYSIS.md
    โ”œโ”€โ”€ exploit.py or exploit.sh
    โ”œโ”€โ”€ README.md
    โ”œโ”€โ”€ .neo-state.json
    โ””โ”€โ”€ vulnerable-app/
        โ”œโ”€โ”€ docker-compose.yaml
        โ”œโ”€โ”€ Dockerfile
        โ””โ”€โ”€ README.md
```

Each PoC must provide a one-command `docker compose up -d` harness, exactly one exploit script, a per-CVE quickstart, and a technical analysis with patch and exploitation evidence.

## Operating Contract

The scheduled workflow polls GitHub Security Advisories every six hours and delegates qualified advisory processing to Neo. Completed PoCs are committed directly to the repository default branch. Validation runs on default-branch pushes that change `20*/CVE-*/**` paths.

See [AGENTS.md](AGENTS.md) for the methodology, persona handoffs, filtering gates, and stop conditions.