devtake.dev
AI Security Open Source Hardware Apple Policy
Product

GitHub Actions

RSS
3 articles First covered Apr 18, 2026, latest Apr 29, 2026
Open-source illustration showing a stylized icon for collaborative software development.
Open Source·

Mitchell Hashimoto is pulling Ghostty off GitHub. The reason is daily outages.

Ghostty's creator has tracked GitHub outages every workday for months. After 18 years on the platform, he's moving the project. A read-only mirror stays.

GitHub branding image used by Wiz Research in their CVE-2026-3854 writeup.
Security·

Wiz found an RCE in GitHub's git-push pipeline. The patch shipped in six hours.

CVE-2026-3854 is a CVSS 8.7 RCE in GitHub's git-push pipeline. github.com fixed it within hours. 88% of Enterprise Server installs were still vulnerable at disclosure.

Trivy logo, the open-source vulnerability scanner from Aqua Security
Security·

Trivy got hijacked: 75 of 76 version tags rewrote to drop a CI secret-stealer

Attackers force-pushed 75 of 76 trivy-action tags to a malicious commit. Pinning by tag turned a trusted scanner into an infostealer for CI pipelines.