ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
Anyone can Access Deleted and Private Repository Data on GitHub
Send()-ing Myself Belated Christmas Gifts - GitHub.com's Environment Variables & GHES Shell
One Supply Chain Attack to Rule Them All
npm search RCE? - Escape Sequence Injection
Forging signed commits on GitHub
OAuth 2.0 Redirect URI Validation Falls Short, Literally
Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk
How Cross-Site Frame Counting Exposes Private Repositories On Github
Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot
Placeholder for Dayzzz: Abusing placeholders to extract customer informations
Stealing GitHub staff's access token via GitHub Actions
Subdomain Takeover: How a Misconfigured DNS Record Could Lead to a Huge Supply Chain Attack
Unauthorized access to Codespace secrets in GitHub
We Hacked GitHub for a Month: Here’s What We Found
The MarkdownTime Vulnerability: How to Avoid This DoS Attack on Business Critical Services
Leaking Secrets From GitHub Actions: Reading Files And Environment Variables, Intercepting Network/Process Communication, Dumping Memory
Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
Hijacking GitHub Repositories by Deleting and Restoring Them
Novel Pipeline Vulnerability Discovered; Rust Found Vulnerable
Attacking The Software Supply Chain With A Simple Rename
From Self-Hosted GitHub Runner to Self-Hosted Backdoor
How I Got $10,000 From GitHub For Bypassing Filtration of HTML tags
Threat Alert: Private npm Packages Disclosed via Timing Attacks
How to hack Github Actions