On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 ...

Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.

The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...

GitHub wants to help protect the open-source ecosystem with the announcement of the GitHub Security Lab. The lab is designed to bring together security researchers, maintainers and companies who ...

GitHub launched the Security Alerts feature to great success in November 2017 for JavaScript and Ruby projects and later expanded it to Python projects in July 2018.

GitHub is opening the GitHub Advisory Database to community submissions, some two years after it launched the database.

GitHub adds support for FIDO2 security keys for Git over SSH to fend off account hijacking and further its plan to stick a fork in the security bane of passwords.

Last night, GitHub automatically logged out many users and invalidated their sessions to protect user accounts against a potentially serious security vulnerability. Earlier this month GitHub had ...

GitHub Advanced Security will help automatically spot potential security problems in the world's biggest open source platform.

GitHub has announced a number of new features aimed to help developers secure their code, including the ability to create PRs for any dependencies needing an update to include security fixes ...