Skip to content

GitHub.dev: Vulnerability Enabled OAuth Token Theft for All Repositories

The bottom line: A vulnerability on GitHub.dev enabled attackers to steal OAuth tokens and compromise all of a user’s repositories.

A security vulnerability on GitHub.dev, the browser-based VS Code instance, allowed attackers to exfiltrate OAuth tokens from users and thus execute unrestricted access to all their repositories.

GitHub.dev is a browser-based instance of VS Code that enables direct access to repositories without having to configure development environments locally. A security vulnerability in this service allowed attackers to exfiltrate the OAuth authentication tokens of users.

With the stolen tokens, attackers could access all of a user’s repositories without restriction – regardless of their permission level. This enabled various attack vectors: code could be manipulated, secrets extracted, or malware injected into the development process. The vulnerability thus affected not only the individual user but also all organizations and projects to which that user had access.

According to the Heise report, GitHub is already warning of the security vulnerability, but concrete technical details about exploitation or the exact weakness are not disclosed. This underscores the critical nature of the finding, as premature disclosure would increase the risk for systems not yet patched. CISOs should verify whether their developers use GitHub.dev and – until GitHub confirms a fix – review usage policies or implement restrictions.


Source: www.heise.de · Published 5 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.

Share on: