As part of our 2025 Policy Trial, Project Zero will use this page to publicly track our Reporting Transparency effort. The trial commenced on July 29, 2025 for issues reported since June 1, 2025. We plan to update this page weekly with new information.

Our Vulnerability Disclosure FAQ provides more details behind our aims and goals of our policy.

Most recent update: 2025-09-23  

Project Zero Reference	Reported to	Product	Date Reported	90-day Deadline expires	Grace Period Requested?
PZ-445575206	Adobe	DNG-SDK	2025-09-17	2025-12-16	No
PZ-444346510	Samsung Mobile	Image Codecs	2025-09-11	2025-12-10	No
PZ-443793212	Samsung Mobile	Image Codecs	2025-09-08	2025-12-07	No
PZ-443741909	Samsung Mobile	Image Codecs	2025-09-08	2025-12-07	No
PZ-442425914	Meta	WhatsApp	2025-09-01	2025-11-30	No
PZ-442423708	Samsung Mobile	Image Codecs	2025-09-01	2025-11-30	No
PZ-438672763	Microsoft	Windows	2025-08-14	2025-11-12	No
PZ-437884633	Microsoft	Windows	2025-08-11	2025-11-09	No
PZ-437868751	Microsoft	Windows	2025-08-11	2025-11-09	No
PZ-437308710	Microsoft	Windows	2025-08-08	2025-11-06	No
PZ-437291456	Microsoft	Windows	2025-08-08	2025-11-06	No
PZ-437087426	Microsoft	Windows	2025-08-07	2025-11-05	No
PZ-435173090	Microsoft	Windows	2025-07-31	2025-10-28	No
PZ-432439660	Microsoft	Windows	2025-07-17	2025-10-15	No
PZ-432313668	Microsoft	Windows	2025-07-17	2025-10-15	No
PZ-426567975	Google	BigWave	2025-06-21	2025-09-19	No
PZ-426548270	Google	BigWave	2025-06-21	2025-09-19	No
PZ-425917200	Google	BigWave	2025-06-19	2025-09-17	No

Once a vulnerability report is marked as Fixed, Working as Intended (WAI) or Won't Fix, it will move into the table below. Note that the links to Fixed issues won't be publicly accessible until up to 30 days after a report is marked as Fixed.

Project Zero Reference	Reported to	Product	Date Reported	Date Fixed	Fix time (Days)	First Known User Device Protected
PZ-428075495	Dolby	Dolby Unified Decoder	2025-06-27	2025-09-18	83	2025-09-18
PZ-434269715	Google	Pixel	2025-06-25	N/A	N/A	N/A