Tagged articles

Verified badge

1 articles · Page 1 of 1
Black & White Path
Black & White Path
Jul 11, 2026 · Information Security

GitHub Verified Badge Malleable: Same Code Yields Multiple Valid Commit Hashes

Jacob Ginesin of Carnegie Mellon discovered that GitHub’s “Verified” badge can be forged through signature malleability, allowing an attacker to create a second commit with identical tree and timestamp but a different hash, breaking the assumption that commit hashes are immutable identifiers for many downstream systems.

GitHubVerified badgegit
0 likes · 8 min read
GitHub Verified Badge Malleable: Same Code Yields Multiple Valid Commit Hashes