8/10
vulnerability
A researcher discovered that GitHub Actions' use of abbreviated 7-character commit hashes in workflow configs could be exploited to cause a global DoS: intentionally generating a commit hash collision makes the short hash ambiguous, so tarball downloads fail with 404 errors for anyone referencing it. The vulnerability was fixed by updating the config wizard to generate full 40-character commit hashes instead.
denial-of-service
github-actions
commit-hash-collision
git-security
supply-chain-attack
hash-collision
ci-cd-security
software-supply-chain
GitHub Actions
actions/docker
76ff57a
76ff57aa21370794040cd0caafd84d8a7aa0927c