Search results for: Security
Extend your dependency information in the GitHub Dependency Graph with new GitHub Actions
New Actions from Anchore, NowSecure, SBT, and Trivy are now available to create a more comprehensive GitHub Dependency Graph.
The Chromium super (inline cache) type confusion
In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.
Dependabot alerts: Dependency scope filter via GraphQL API
GitHub Advisory Database now includes Erlang and Elixir advisories
GitHub Advisory Database now supports Erlang and Elixir packages!
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on Erlang, Elixir, and more.
Dependabot alerts: Filter alerts by the scope of the dependency (runtime and development)
Secret scanning’s REST API endpoints now support cursor-based pagination
View code scanning alerts across your enterprise (Public Beta)
What’s new in Codespaces for Organizations
We’re releasing exciting functionalities that will enable organizations to confidently manage and scale with Codespaces.
GitHub enables the development of functional safety applications by adding support for coding standards AUTOSAR C++ and CERT C++
GitHub is excited to announce the release of CodeQL queries that implement the standards CERT C++ and AUTOSAR C++. These queries can aid developers looking to demonstrate ISO 26262 Part 6 process compliance.
Removing support for connecting to GitHub Enterprise Server 3.0 from GitHub Mobile
New Octokit.js release with support for 91 new APIs
Creating a more comprehensive dependency graph with build time detection
Expand the completeness of your dependency graph by using the dependency submission API, which will create more comprehensive alerts on supply chain vulnerabilities.
Dependency graph has a REST API for submitting dependencies detected at build time
Secret scanning push protection bypasses are now shown in the audit log and API
Secret scanning: Dry runs for custom patterns on edits
The Android kernel mitigations obstacle race
In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm GPU kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z Flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.
GitHub now publishes malware advisories in the GitHub Advisory Database
To combat the prevalence of malware in the open source ecosystem, GitHub now publishes malware occurrences in the GitHub Advisory Database. These advisories power Dependabot alerts and remain forever free and usable by the community.