GitHub | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Attackers Can Bypass GitHub Required Reviewers to Submit Malicious Code	Broken Authorization Logic Flaw	GitHub	Noam Dotan
Command Injection in the GitHub Pages Build Pipeline	RCE OS Command Injection	GitHub	Joren Vrancken
[UNPATCHED] Cli: gh run download implementation allows overwriting git repository configuration upon artifacts downloading	RCE	GitHub	Vladimir Metnew (@Vladimir_metnew)
ATO without any interaction [aws cognito misconfiguration]	Account Takeover Lack of Rate Limiting	GitHub	Shreyaskoli (@SPY8OY)
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?	Logic Flaw	GitHub	Yakir Kadkoda
NotGitBleed	Information Disclosure	GitHub	Aaron Devaney
New npm Flaws Let Attackers Better Target Packages for Account Takeover	Information Disclosure	GitHub	Yakir Kadkoda
Vulnerable GitHub Actions Workflows Part 1: Privilege Escalation Inside Your CI/CD Pipeline	Privilege Escalation CI/CD	GitHub	Noam Dotan
GitHub Cache Poisoning	Cache Poisoning Attack Logic Flaw	GitHub	Scribe Security (@ScribeSecurity)
Git honours embedded bare repos, and exploitation via core.fsmonitor in a directory's .git/config affects IDEs, shell prompts and Git pillagers	RCE	GitHub Microsoft JetBrains	Justin Steven (@Justinsteven)
Securing Developer Tools: Git Integrations	Local Privilege Escalation	Microsoft JetBrains GitHub	Sonar (@SonarSource)
Stealing a few more GitHub Actions secrets	Logic Flaw	GitHub	Teddy Katz (@Not_aardvark)
RCE in GitHub Desktop < 2.9.4	RCE	GitHub	Vladimir Metnew (@Vladimir_metnew)
My first report on HackerOne: A logic flaw in npm	Logic Flaw	GitHub	ElSec (@ElSec_)
"Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains	Supply Chain Attack	GitHub	Matthew Bryant (@IAmMandatory)
NPM might be executing malicious code in your CI without your knowledge	RCE	GitHub	Rotem Bar (@Rotembar)
Bounty Evaluation GitHub = $15,000 US Dollars \| Rate Limit	Bruteforce Email Verification Bypass Account Takeover	GitHub	Taniya Agarwal
Cache Poisoning at Scale	Web Cache Poisoning	GitHub GitLab HackerOne Shopify Cloudflare	Youstin (@IustinBB)
Insufficient Redirect URI validation: The risk of allowing to dynamically add arbitrary query parameters and fragments to the redirect_uri	OAuth Prototype Pollution	GitHub Microsoft StackExchange	Lauritz Holtmann (@_Lauritz_)
Bypassing required reviews using GitHub Actions	Privilege Escalation Logic Flaw	GitHub	Omer Gil (@Omer_gil)
GitHub Actions check-spelling community workflow - GITHUB_TOKEN leakage via advice.txt symlink	Logic Flaw Information Disclosure	GitHub	Justin Steven (@Justinsteven)
Detecting Jackson deserialization vulnerabilities with CodeQL	Insecure Deserialization	GitHub	Artem Smotrakov (@Artem_smotrakov)
Diving into Dependabot along with a bug in npm	SSRF RCE	GitHub	Tyage (@Tyage)
Supply Chain Attacks via GitHub.com Releases	Logic Flaw	GitHub	Nightwatch Cybersecurity (@Nightwatchcyber)
Breaking GitHub Private Pages for $35k	XSS CRLF Injection Web Cache Poisoning	GitHub	Robert Chen (@NotDeGhost) Philip

Page 2 of 3