Let’s talk about securing open source projects
In celebrating GitHub Security Lab’s one-year anniversary, we explained that we’re expanding our research focus. Why did we make this decision? The decision stemmed from our work with the Open…
Today, GitHub joined an amicus brief in NSO v. WhatsApp, opposing the expansion of foreign sovereign immunity to private cyber-surveillance companies that act on behalf of foreign governments. GitHub joined…
This is the second post in a series about how we built our new homepage. How our globe is built How we collect and use the data behind the globe…
2020 has been a year of change, with shifts to the way organizations of every size connect, collaborate, and build together. From our 2020 State of the Octoverse report to…
Learn about ghapi, a third-party Python library and CLI client for the GitHub API. It includes tab-completion, integrated documentation and automatic pagination of responses. ghapi automatically manages required headers, query strings, route parameters, post data, and much more.
Last year at GitHub Universe, we introduced the GitHub Security Lab, which is committed to contributing resources, tooling, bounties, and security research to secure the open source ecosystem. We know…
Git has a reputation for being confusing. Users stumble over terminology and phrasing that misguides their expectations. This is most apparent in commands that “rewrite history” such as git cherry-pick or git rebase. In my experience,…
The developer community remains the heart of GitHub, and we’re committed to respecting the privacy of developers using our product.
You can now include multiple words after the # in an issue, discussion, or pull request comment to further narrow your search. Not trying to reference anything? Dismiss issue and…
During the last year alone, over 56 million developers created more than 60 million new repos and made more than 1.9 billion contributions on GitHub. These developers are building the…
Aimed at developers, in this series we introduce and explore the memory unsafe attack surface of interpreted languages.
GitHub Universe is almost here. For more on what to expect from this year’s stream, we sat down with virtual host, Brian Douglas, for a quick Q&A on GitHub Actions,…
Learn about nbdev, a new literate programming environment for Python.
The Digital Millennium Copyright Act (DMCA) is a 22-year-old United States law meant to strike a complicated balance between art, code, and speech on the net — impacting users…
This blog describes a security vulnerability in the infrastructure that supports Germany’s COVID-19 contact tracing efforts. The mobile (Android/iOS) apps are not affected by the vulnerability and do not collect and/or transmit any personal data other than the device’s IP address. The infrastructure takes active measures to disassociate true positives from client IP addresses.
The GitHub Archive Program announces its latest milestone: storing collections of the most popular and depended upon open source repositories in beautiful art cases featuring 3D-printed and AI-generated artwork in significant libraries around the world.
GitHub will recommend you unwatch repositories that you are no longer interacting with. You will see these recommendations when: You check your notifications on GitHub You search for notifications on…
Ubuntu 20.04 local privilege escalation using vulnerabilities in gdm3 and accountsservice (CVE-2020-16125, CVE-2020-16126, CVE-2020-16127)
Along with the release of version 7 of the npm CLI, we have updated the npm documentation site to add the documentation for the new release. In addition, we’ve made…
An introduction to our blog series on GitHub’s investments in technical excellence.
In this post I’ll give details about how to exploit CVE-2020-6449, a use-after-free (UAF) in the WebAudio module of Chrome that I discovered in March 2020. I’ll give an outline of the general strategy to exploit this type of UAF to achieve a sandboxed RCE in Chrome by a single click (and perhaps a 2 minute wait) on a malicious website.
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
Catch up on the GitHub podcast, a show dedicated to the topics, trends, stories and culture in and around the open source developer community on GitHub.