8/10
vulnerability
A researcher discovered that GitHub Actions' use of abbreviated 7-character commit hashes in workflow configs could be exploited to cause a global DoS: generating intentional commit hash collisions would cause tarball downloads to fail with 404 errors for anyone referencing the ambiguous short hash. The vulnerability was fixed by updating the config wizard to generate full 40-character commit hashes instead.
denial-of-service
github-actions
commit-hash-collision
git-security
supply-chain-attack
hash-collision
ci-cd-security
software-supply-chain
GitHub Actions
actions/docker
76ff57a
76ff57aa21370794040cd0caafd84d8a7aa0927c