8/10
vulnerability
A researcher discovered a critical DoS vulnerability in GitHub Actions based on git commit hash collisions: an attacker can deliberately create a collision with an abbreviated 7-character short hash, causing tarball resolution failures that break all builds using that action. The researcher accidentally triggered a global outage while demonstrating the attack.
denial-of-service
github-actions
git-hash-collision
commit-hash
supply-chain-attack
infrastructure-attack
bug-bounty
ci-cd
GitHub Actions
Teddy Katz
actions/docker
76ff57a
76ff57a6c3d817840574a98950b0c7bc4e8a13a8
76ff57aa21370794040cd0caafd84d8a7aa0927c