Between July 21, 2021 and August 13, 2021 we received reports through one of our private security bug bounty programs from researchers regarding vulnerabilities in tar and @npmcli/arborist.

The benefits of multifactor authentication are widely documented, and there are a number of options for using 2FA on GitHub.

One month ago, we started a discussion with the community about proposed revisions to clarify GitHub’s policies on security research, malware, and exploits with the goal to enable, welcome, and encourage dual-use security research and

April 30, 2021 update: Thank you to everyone who’s weighed in on the discussion so far. I’ve commented in the pull request to clarify a few points based on initial feedback. Keep the comments coming.

Why did I get logged out of GitHub.com? On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution

The world runs on software, and a large portion of it, especially the open source software that’s part of everything we experience, is built by millions of developers on GitHub every day. GitHub is heavily