1. GitHub API Rate Limit Bypass Exposed: Anonymous Users Could Spoof IPs, Bypass Daily Scan Quotas
A critical vulnerability in a GitHub-hosted API allowed anonymous users to spoof their IP addresses and completely bypass daily scan quotas, risking abuse of external services and uncontrolled costs. The flaw stemmed from a misconfigured proxy setup that trusted all incoming traffic, making it trivial for attackers to ...
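The proxy-trust mistake described above, shown beside a corrected client-IP resolver, as an added example that is not code from the affected project. It assumes the forwarded address arrives in an `X-Forwarded-For` header, which the summary does not name, and that 10.0.0.0/8 is the only trusted proxy range; the addresses, quota and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: only hosts in this range are real reverse proxies (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
DAILY_QUOTA = 3  # constructed per-IP scan quota


def _trusted(ip):
    """True if ip belongs to a known proxy range; raises ValueError if malformed."""
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)


def client_ip_trust_all(peer, xff):
    """Weak setting: believe the left-most header entry, whoever sent it."""
    return xff.split(",")[0].strip() if xff else peer


def client_ip_strict(peer, xff):
    """Corrected: walk the chain right to left, skipping only known proxies."""
    if not xff or not _trusted(peer):
        return peer  # direct connection: the header is client-supplied, ignore it
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            if not _trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            return peer  # malformed entry: fall back to the socket peer
    return peer


def allowed_scans(requests, resolver):
    """Count requests that pass the per-IP daily quota under a given resolver."""
    used, allowed = Counter(), 0
    for peer, xff in requests:
        key = resolver(peer, xff)
        if used[key] < DAILY_QUOTA:
            used[key] += 1
            allowed += 1
    return allowed


# Constructed regression input: one client (203.0.113.7) behind proxy 10.0.0.5
# sends ten requests, each with a different client-supplied leading entry.
SAMPLE = [("10.0.0.5", f"198.51.100.{i}, 203.0.113.7") for i in range(10)]

if __name__ == "__main__":
    print("trust-all:", allowed_scans(SAMPLE, client_ip_trust_all))
    print("strict:   ", allowed_scans(SAMPLE, client_ip_strict))
```

Keying the quota on the strict resolver's result ties every request in the sample to the one address the trusted proxy actually observed.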