## https://sploitus.com/exploit?id=A8578693-44FE-5CCB-946F-BF0F58E5EE5E
# neo-pocs
Containerized proof-of-concept packages for reviewed high and critical GitHub Security Advisories affecting high-impact open-source projects.
This repository is maintained as an append-only research artifact store. Each processed vulnerability lives in a year bucket and is named by CVE ID. If an advisory does not yet have a CVE, use the GHSA ID until the CVE is assigned, then rename the directory in a follow-up commit.
## Repository Index
Total PoC count: 0
| Year | CVE | Package | Severity | Summary |
| --- | --- | --- | --- | --- |
| - | - | - | - | No PoCs have been published yet. |
## Directory Contract
```text
20YY/
โโโ CVE-YYYY-NNNNN/
โโโ ANALYSIS.md
โโโ exploit.py or exploit.sh
โโโ README.md
โโโ .neo-state.json
โโโ vulnerable-app/
โโโ docker-compose.yaml
โโโ Dockerfile
โโโ README.md
```
Each PoC must provide a one-command `docker compose up -d` harness, exactly one exploit script, a per-CVE quickstart, and a technical analysis with patch and exploitation evidence.
## Operating Contract
The scheduled workflow polls GitHub Security Advisories every six hours and delegates qualified advisory processing to Neo. Completed PoCs are committed directly to the repository default branch. Validation runs on default-branch pushes that change `20*/CVE-*/**` paths.
See [AGENTS.md](AGENTS.md) for the methodology, persona handoffs, filtering gates, and stop conditions.