GitHub Security Lab (@ghsecuritylab)'s Twitter Profile
GitHub Security Lab

@ghsecuritylab

GitHub Security Lab’s mission is to inspire and enable the community to secure the open source software we all depend on.

ID: 1187929919713464320

https://securitylab.github.com

Joined 26-10-2019 03:13:47

1,1K Tweet

26,26K Followers

15 Following

GitHub Security Lab (@ghsecuritylab):

🎉 You can now enable code scanning in your GitHub Actions workflow files! ✅ By opting-in to this feature, you can enhance the security of repositories using GitHub Actions. github.blog/changelog/2024…

GitHub (@github):

A new free tier of GitHub Copilot in Visual Studio Code.
✅ 2,000 code completions per month
💬 50 chat messages per month
💫 Models like Claude 3.5 Sonnet or GPT-4o
♥️ More fun for you
Check it out today! Oh yeah, and we passed 150M developers on GitHub 💅 github.blog/news-insights/…

GitHub Security Lab (@ghsecuritylab):

GHSL-2024-072_GHSL-2024-074: Stored Cross-Site Scripting (XSS), Arbitrary File Upload, and Arbitrary File Read/Write via Path Traversal in Reposilite - CVE-2024-36115, CVE-2024-36116, CVE-2024-36117 securitylab.github.com/advisories/GHS…

GitHub Security Lab (@ghsecuritylab):

GHSL-2024-075_GHSL-2024-076: Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) via Velocity Template Evaluation in Sonatype Nexus 2 securitylab.github.com/advisories/GHS…

GitHub Security Lab (@ghsecuritylab):

GHSL-2024-091_GHSL-2024-092: DNS rebinding attacks against Home-gallery - CVE-2024-53275, CVE-2024-53276 securitylab.github.com/advisories/GHS…

GitHub Security Lab (@ghsecuritylab):

🎉 Excited to announce the launch of CodeQL Community Packs for Security teams and researchers! 🚀 Supercharge your code analysis with new Query, Model, and Library packs to find more vulnerabilities, accelerate codebase audits, and secure code effortlessly.

Benson Liu (@bliutech):

Ever wanted to learn fuzzing?!?! 🐛 Me and some other folks at Psi Beta Rho recently ran a project where we taught folks about the basics of fuzzing with Honggfuzz. 👀 Some fun activities inspired by the Fuzzing101 repo from the folks at GitHub Security Lab! 🤗 github.com/pbrucla/fuzzin…

GitHub Security Lab (@ghsecuritylab):

How to secure your GitHub Actions workflows with CodeQL. Dive into this actionable supply chain security research from Alvaro Muñoz 🇺🇦. This work resulted in dozens of high-impact supply chain findings and, most importantly, added CodeQL support for your GitHub workflows!

GitHub Security Lab (@ghsecuritylab):

GHSL-2024-254: Poisoned Pipeline Execution (PPE) in Amplification leading to potential account takeover securitylab.github.com/advisories/GHS…

Michael Stepankin (@artsploit):

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵