Open a private vulnerability report with REST API

You can now use the REST API to open a private vulnerability report on open-source repositories that have this feature enabled.

Learn more about the repository security advisories REST API
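The request behind this announcement, as an added example that is not GitHub's own code: it builds and validates the `POST /repos/{owner}/{repo}/security-advisories/reports` call without sending it. The function name `build_report_request` is hypothetical, and the repository, token, and package values are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

API_ROOT = "https://api.github.com"
SEVERITIES = {"critical", "high", "medium", "low"}


def build_report_request(owner, repo, token, summary, description,
                         vulnerabilities=None, severity=None,
                         cvss_vector_string=None):
    """Build, without sending, the POST that opens a private vulnerability report."""
    if not summary or not description:
        raise ValueError("summary and description are required")
    if severity and cvss_vector_string:
        raise ValueError("set severity or cvss_vector_string, not both")
    if severity and severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    body = {"summary": summary, "description": description}
    for vuln in vulnerabilities or []:
        if not vuln.get("package", {}).get("ecosystem"):
            raise ValueError("each vulnerability needs package.ecosystem")
    if vulnerabilities:
        body["vulnerabilities"] = vulnerabilities
    if severity:
        body["severity"] = severity
    if cvss_vector_string:
        body["cvss_vector_string"] = cvss_vector_string
    # Percent-encode path segments so a stray "/" cannot change the endpoint.
    path = "/repos/{}/{}/security-advisories/reports".format(
        urllib.parse.quote(owner, safe=""), urllib.parse.quote(repo, safe=""))
    return urllib.request.Request(
        API_ROOT + path, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Accept": "application/vnd.github+json",
                 "Authorization": f"Bearer {token}",
                 "X-GitHub-Api-Version": "2022-11-28",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values: repository, token and package are placeholders.
    req = build_report_request(
        "octo-org", "octo-repo", "<TOKEN>",
        summary="Path traversal in archive extraction",
        description="Constructed sample description with reproduction details.",
        vulnerabilities=[{"package": {"ecosystem": "pip", "name": "example-pkg"},
                          "vulnerable_version_range": "< 1.2.3"}],
        severity="high")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would submit the report.
```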

On March 30, 2023, we fixed a bug that allowed a dependency graph hovercard URL to be used to retrieve the name, description, and star count of any repository on GitHub.com. The bug was introduced on March 28, 2023, and our investigation has found no evidence of exploitation. Exploiting the bug required setting a specific header on the request to the URL and providing the numeric ID of a repository. The URL would then return the HTML content designed for a hovercard UI element, with the repository name, description, and star count in the response.

This bug was reported to GitHub via the GitHub Bug Bounty program.

Since the introduction of Category Sections to organize content in our own community, users have asked for similar features to organize their own Discussions. Today, we're introducing the ability for all maintainers to group their Discussion categories into sections. We think this will help users better organize content, and also find new content more easily.

The UI for this feature looks similar to the one in our own community, but users will now see a new UI when they edit a category. Users can not only create a new Category, but they can also create a new section from the "Manage Discussion Categories" page.

Editing a single category now also gives the user the option of adding it to an existing section.

For questions or feedback, please visit our community.
