A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository.

GitHub's secret scanning alerts are available on all public repositories, and its push protection is now offered for custom secret patterns.

Learn how to unlock GPT-5 in VS Code using GitHub Copilot Pro. Here are the steps and how to bypass usage limits using your API key.

"With push protection, GitHub will check for high-confidence secrets as developers push code and block the push if a secret is identified," GitHub said.