Public GenAI Vulnerability Disclosures | Mozilla Data Collective

Description

0DIN, the 0Day Investigative Network, was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. This dataset is a weekly export of the public 0DIN disclosures published at the 0DIN disclosures page, in accordance with the 0DIN Research Terms and Disclosure Policy. Each record corresponds to a single validated, published disclosure and is grounded in 0DIN's public research frameworks: Security Boundaries (prompt extraction, guardrail jailbreak, interpreter jailbreak, content manipulation, weights/layers disclosure, prompt injection), the Jailbreak Taxonomy (category → strategy → technique), the Social Impact Score (SIS, levels 1–5), and the Nude Imagery Rating System (NIRS, levels 1–5). Records include title, summary, severity, security boundary, taxonomy triplets, affected models and vendors, visible test results, SIS and NIRS scores when assessed, public researcher credit when supplied, reference URLs, and disclosure/publication timestamps. For the subset of disclosures publicly rendered at the 0DIN threat feed, records additionally include the pinned prompts and responses, variant prompts (with industry grouping), and the current-version 0DIN detection signature that surface on the threat-feed page. This is a faithful structured replica of public 0din.ai content — the dataset never publishes fields that aren't already publicly served by 0din.ai. Records carry an `on_public_threat_feed` boolean so consumers can distinguish the metadata-only branch from the threat-feed branch deterministically. Submitter PII (other than a self-supplied public credit string), IP addresses, attack payloads, and message attachments are excluded unconditionally. Use the data to study GenAI vulnerability trends, train and evaluate safety classifiers, build detection pipelines, or inform model-card transparency on known weaknesses.

Specifics

Licensing

Creative Commons Attribution 4.0 International (CC-BY-4.0)

https://spdx.org/licenses/CC-BY-4.0.html

Considerations

Restrictions/Special Constraints

Use is governed by CC-BY-4.0 (https://creativecommons.org/licenses/by/4.0/): attribute 0DIN (https://0din.ai) when redistributing or building on this dataset. The dataset is intended for security research, AI safety evaluation, education, and the development of defensive tooling, consistent with 0DIN's Research Terms and Disclosure Policy. Do not use it to conduct unauthorized attacks on production systems, and do not attempt to re-identify, contact, or attribute disclosures to individuals beyond the public researcher-credit field.

Forbidden Usage

- Conducting unauthorized attacks on production AI systems or third-party services. - Re-identifying or attempting to deanonymize researchers, including those listed as "Anonymous". - Training models to evade safety guardrails or content moderation in ways that violate the targeted system's terms of service. - Generating content that is illegal in the jurisdictions where the data is processed (e.g., CSAM, NCII). - Harassing any individual, organization, or vendor referenced in the data.

Processes

Ethical Review

Each record reflects content already publicly visible on 0din.ai, vetted by 0DIN staff before publication. Two upstream public surfaces are mirrored: the metadata rendered at /disclosures/<uuid>, and — for disclosures on the public threat-feed allowlist — the pinned prompts/responses, variant prompts, and current detection signature rendered at /threatfeed/<uuid>/public. The dataset never introduces fields that are not already public; this is structural parity with 0din.ai, not a release of internal data. PII is excluded at the publisher layer; only researcher credit explicitly supplied by the submitter is included. Anonymous submissions are preserved as "Anonymous". Suppressed disclosures are excluded by 0DIN's publishing pipeline.

Intended Use

Training and evaluation of AI safety classifiers; automated red-teaming and detection pipelines; trend analysis across GenAI security boundaries and jailbreak taxonomies; model-card transparency on known weaknesses; reproducible academic security research with citable public disclosures.

Metadata

Bundle layout: a single .tar.gz archive containing three files at its root — vulnerabilities.jsonl (one disclosure per line), manifest.json (generated_at, dataset_name, dataset_schema_version, record_count, source URL, publisher_git_sha), and README.md. Records are ordered by published_at descending, then uuid ascending. The current schema version is recorded in the manifest.

Authoritative source: 0din.ai disclosures.