github_repo

asyncapi/generator

discovered 2026-07-14

Entry-point repository. Vulnerable workflow .github/workflows/manual-netlify-preview.yml (pull_request_target pwn request). Malicious PR #2155; malicious commit 3eab3ec9304aa26081358330491d3cfeb55cc245 pushed to the next branch at 06:58 UTC (unsigned, placeholder git author 'Your Name <[email protected]>'). Prior PoC #2078 / unmerged fix #2092.

Campaigns