YARA

SIEM & Threat Detection

A pattern‑matching tool for identifying and classifying malware based on textual or binary rules

Track releases GitHub Website

C Latest v4.5.5 · 7mo ago Security brief →

Features

Create string/regex based rules to detect malware families
Supports wildcards, case‑insensitive matching, and boolean logic in conditions
Works across Windows, Linux, and macOS via CLI or Python integration

Recent releases

View all 1 releases →

v4.5.5 Security relevant 7mo

⚠ Upgrade required

YR_RE_SCAN_LIMIT has been reverted to 4096. If your environment was relying on a higher limit introduced in a prior release, regex-heavy rules may now truncate scans earlier than expected. Validate rule behavior after upgrading.

Breaking changes

YR_RE_SCAN_LIMIT reverted to 4096 — any workflows or rules that relied on the previously increased limit may behave differently or fail to match as expected.

Security fixes

Heap overflow when loading hand-crafted compiled rules (CVE not assigned in changelog, reported by Momoko Shiraishi, #2178)

Notable features

Windows: --no-follow-symlinks option now implemented (6e11b5a)

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.0 / wk

Last release 216d

Tracked 1

Security

Full profile →

Security score 6.1/10

OpenSSF 4.0/10

Open CVEs 0

SBOM SECURITY.md Active maintainer

Community

GitHub stars 9,644

Forks 1,568

Open issues 174

Open PRs 20

Stars/wk velocity 0.0

HN peak 132

About

Stars

9,644

Forks

1,568

Languages

C Yacc C++

View on GitHub Homepage Documentation

Install & Platforms

Platforms

linux macos windows