GitHub's Model Context Protocol (MCP) has a critical vulnerability allowing AI coding agents to leak private repo data.

This document provides an overview of security concerns related to nginx deployments ... Report a vulnerability within this repository. We are using the GitHub workflow that allows us to manage ...

This setup allows CodeQL to automatically review pull requests for security concerns. For certain repositories, such as GitHub’s large Ruby monolith, additional measures are required.

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and ...

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a ...

Two high-severity security flaws have been disclosed in the open-source ... The vulnerabilities have been addressed in ruby-saml versions 1.12.4 and 1.18.0. Microsoft-owned GitHub, which discovered ...

GitHub announced it is making some changes to GitHub Advanced Security (GHAS), its AI-powered solution for application security that offers remediation, static analysis, secret scanning ...

displayed on the GitHub security tab.” “Developers often don’t realize there’s an issue until something breaks; it’s only then that they can start piecing together the puzzle to find out ...