Search results for: REST API

In this post, I’ll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

Explore how AI coding tools like GitHub Copilot can accelerate your journey to learn new programming languages.

The enum field indicating a ‘detached’ status will be deprecated from the ‘Get repositories associated with a code security configuration’ endpoint. The endpoint itself will remain. We will replace the…

GitHub Staff Engineer Sarah Vessels discusses her philosophy of code review, what separates good code review from bad, her strategy for finding and reviewing code, and how to get the most from reviews of her own code.

In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.

Organization owners can now grant a user or team access to all of the repositories in their org with a single click. Five new pre-defined roles have been added to…

Drag-and-drop is a highly interactive and visual interface. We often use drag-and-drop to perform tasks like uploading files, reordering browser bookmarks, or even moving a card in solitaire.

Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in Ruby projects.

Let’s take a look at 10 key moments from the first decade of the GitHub Security Bug Bounty program.

EDIT: Monday December 2nd, 2024 GitHub Enterprise Server Timeline changing sunset to GHES 3.17 as the final version instead of 3.16. Starting today, we will begin work towards the sunset…

GitHub Actions has recently made changes to the available macOS runner images and the GitHub meta API. Below is a summary of the changes and possible impact to your use…

We’ve updated how we calculate Last Activity to give you better clarity and are pausing access to the Team endpoint in the Metrics API. Updating the Last Activity calculation Ahead…

Learn how to use CodeQL for security research and improve your security research workflow.

We’ve dramatically increased 2FA adoption on GitHub as part of our responsibility to make the software ecosystem more secure. Read on to learn how we secured millions of developers and why we’re urging more organizations to join us in these efforts.

Starting today, developers using GitHub Enterprise Cloud (GHEC) and Free, Pro, and Teams accounts can enable their repositories and/or organizations to run Dependabot updates as an Actions workflow. With this…

This Earth Day, we discuss how tech and open source are helping two organizations combat the effects of a changing climate.

Ten years of our global developer event! Celebrate with us by picking up in-person tickets today. It’s bound to be our best one yet.

In March, we experienced two incidents that resulted in degraded performance across GitHub services.

This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces.

It’s been a little over a month since GitHub Copilot Enterprise became generally available. Check out what’s new below! Enhanced contextual understanding and more relevant suggestions in GitHub.com Copilot Chat…