As part of our 2025 Policy Trial, Project Zero will use this page to publicly track our Reporting Transparency effort. The trial commenced on July 29, 2025 for issues reported since June 1, 2025. We plan to update this page weekly with new information.
Our Vulnerability Disclosure FAQ provides more details behind our aims and goals of our policy.
2025 Reporting Transparency is available here. We will continue to update it as vulnerabilities are fixed.
Most recent update: January 28, 2026
| Project Zero Reference | Reported to | Product | Date Reported | 90-day Deadline expires |
|---|---|---|---|---|
| PZ-478212931 | Adobe | DNG SDK | 2026-JAN-23 | 2026-APR-23 |
| PZ-477557327 | Adobe | DNG SDK | 2026-JAN-21 | 2026-APR-21 |
| PZ-474310986 | V8 | 2026-JAN-08 | 2026-APR-08 | |
| PZ-474035846 | V8 | 2026-JAN-07 | 2026-APR-07 |
Once a vulnerability report is marked as Fixed, Working as Intended (WAI) or Won’t Fix, it will move into the table below. Note that the links to Fixed issues won’t be publicly accessible until up to 30 days after a report is marked as Fixed.
| Project Zero Reference | Reported to | Product | Date Reported | Date Fixed | Fix time (Days) | First Known User Device Protected |
|---|---|---|---|---|---|---|
If the deadline for a vulnerability expires without the vulnerability being fixed, it will move into the table below until it is fixed.
| Project Zero Reference | Reported to | Product | Date Reported |
|---|---|---|---|