A vulnerability in VS Code's issue management function and a lack of authentication checks enabled the researcher to obtain push access, and write to the repository.

GitHub's secret scanning alerts are available on all public repositories, and its push protection is now offered for custom secret patterns.