Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server

A critical injection flaw in GitHub’s internal git infrastructure allowed any authenticated user to execute arbitrary code on backend servers—including full compromise of GitHub Enterprise Server and cross-tenant access on GitHub.com—with a single git push, highlighting the urgent need for immediate patching and the power of AI-driven vulnerability discovery.