https://www.theregister.co.uk/2018/11/07/virtualbox_0day_github/

An infosec researcher has expressed his frustration with disclosure processes by going public with a zero-day in VirtualBox, Oracle's open-source hypervisor.

The vulnerability was published at GitHub by "MorteNoir1" accompanied by a demonstration video on Vimeo posted by Sergey Zelenyuk.