Security Vulnerability in GitHub Codespaces Endangers Developer Tokens4. June 2026CybersecurityGitHub passed unscoped OAuth tokens to the VSCode browser instance, allowing attackers to access all private repositories of a developer via manipulated Jupyter Notebook extensions. Share on: