8/10
vulnerability
GitHub Desktop on macOS allowed remote code execution via a crafted x-github-client:// URI whose malicious filepath parameter bypassed the repository directory restrictions and enabled execution of arbitrary application bundles. The vulnerability exploited the way Electron's shell.openExternal() function converts file paths to file:// URLs, which allowed attackers to execute malicious OSX apps cloned from attacker-controlled repositories.
rce
remote-code-execution
uri-scheme-handling
path-traversal
electron
macos
osx
github-desktop
arbitrary-file-open
social-engineering
application-bundle-execution
GitHub Desktop
0xacb
HackerOne
H1-702
GitHub
Electron
CVE (unreferenced but likely assigned)
zhuowei