News

A cautionary tale of how a developer tool limit case could derail cybersecurity protections if not for quick thinking, public ...
With Security Campaigns, security managers can draft security campaigns to refine the scope of the vulnerability resolutions before the work goes live. They can create GitHub issues, which can be ...
The compromised commit contained base64-encoded instructions to download Python code which would then scan the memory of the GitHub Runner for credentials. The issue is tracked as CVE-2025-30066.
An unidentified group of threat actors orchestrated a sophisticated supply chain cyberattack on members of the Top.gg GitHub organization ... supply chain security issues have arisen recently ...
This is an intentional design by GitHub, not a flaw. The implications of this design raise significant security concerns, especially for sensitive information. Proton Penguin has created a useful ...
Repo confusion works just like dependency confusion in package managers ... points out two additional problems. "One's a tradeoff of privacy versus security: GitHub's not looking at repos ...
Endor Labs, a startup that builds tools to scan AI-generated code for vulnerabilities, has raised $93 million in a Series B ...
GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. Stars are ...