yossarian (1.3.6.1.4.1.55738)

1.5K Followers
137 Following
1.3K Posts

open source interloper; attracts bugs easily

a bit of Yiddish-posting

website: https://yossarian.net
blog: https://blog.yossarian.net
github: https://github.com/woodruffw
bluesky: https://bsky.app/profile/yossarian.net
github should really give me the banhammer. i'd have their platform cleaned up in no time
I once again feel vindicated in believing that there’s a perfect negative relationship between companies being serious security vendors and having names like CYBER SHADOW GLOCK

oh look, more ReDoS CVE spam created without even waiting for the maintainer to confirm it:

https://github.com/advisories/GHSA-5239-wwwm-4pmq

CVE-2026-4539 - GitHub Advisory Database

Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

I put together a more detailed AI contribution policy for zizmor: https://github.com/zizmorcore/.github/blob/main/AI_POLICY.md
.github/AI_POLICY.md at main · zizmorcore/.github

Community Health Files / org-global configs.

I got too excited about "set-and-forget" relative dependency cooldowns coming to #pip that I hacked them together using cron and a script that calculates uploaded-prior-to in pip.conf 👀

https://sethmlarson.dev/pip-relative-dependency-cooling-with-crontab

#python #pypi #dependencycooldowns #security

Relative “Dependency Cooldowns” in pip v26.0 with crontab

WARNING: Most of this blog post is a hack, everyone should probably just wait for relative dependency cooldowns to come to a future version of pip. pip v26.0 added support for th...

specifically: I almost never actually want to validate objects against a schema, I almost always want to take a schema and transform it (e.g. by unrolling all external references). but very few libraries seem to support doing that in a way that lets me extract the result back out into a new schema
I don't understand why this is, but >99% of my interactions with JSON Schema involve wanting to do things that literally zero parsers/resolvers of JSON schema documents want me to do
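What "unrolling all external references" looks like in practice, as an added example that is neither the author's code nor any library's API: a Python pass that replaces every external `$ref` with the schema it points to, taken from an in-memory registry (a constructed stand-in for documents fetched over the network), and hands back a new self-contained schema instead of a validation verdict. The registry, the `example.invalid` URLs and the `ROOT` schema are all constructed; the code assumes absolute reference URIs.

```python
from urllib.parse import urldefrag

# Constructed registry standing in for schema documents fetched over the network.
REGISTRY = {
    "https://example.invalid/address.json": {"type": "object", "properties": {
        "street": {"type": "string"},
        "country": {"$ref": "https://example.invalid/country.json#/$defs/iso"}}},
    "https://example.invalid/country.json": {
        "$defs": {"iso": {"type": "string", "minLength": 2, "maxLength": 2}}},
}
# Constructed root schema: 'home' is an external ref, 'nickname' a local one.
ROOT = {
    "type": "object",
    "properties": {"home": {"$ref": "https://example.invalid/address.json", "description": "home"},
                   "nickname": {"$ref": "#/$defs/short"}},
    "$defs": {"short": {"type": "string", "maxLength": 16}},
}

def resolve_pointer(doc, fragment):
    """Walk a JSON Pointer fragment such as '/$defs/iso' inside doc."""
    node = doc
    for part in [p for p in fragment.split("/") if p]:
        node = node[part.replace("~1", "/").replace("~0", "~")]
    return node

def is_external(node):
    return isinstance(node, dict) and isinstance(node.get("$ref"), str) and not node["$ref"].startswith("#")

def external_refs(schema):
    """Every non-local $ref in schema, depth first (handy for checking a result)."""
    children = schema.values() if isinstance(schema, dict) else schema if isinstance(schema, list) else []
    return ([schema["$ref"]] if is_external(schema) else []) + [r for c in children for r in external_refs(c)]

def unroll(schema, registry, _stack=()):
    """Copy of schema with each external $ref replaced by the schema it names. Assumes absolute
    URIs; local '#/...' refs are not rewritten (even inside inlined documents); cycles raise."""
    if isinstance(schema, list):
        return [unroll(item, registry, _stack) for item in schema]
    if not isinstance(schema, dict):
        return schema  # scalars are immutable, safe to share
    if not is_external(schema):
        return {k: unroll(v, registry, _stack) for k, v in schema.items()}
    ref = schema["$ref"]
    if ref in _stack:
        raise ValueError("cyclic external reference: " + " -> ".join(_stack + (ref,)))
    url, fragment = urldefrag(ref)  # KeyError below if the document is not in the registry
    inlined = unroll(resolve_pointer(registry[url], fragment), registry, _stack + (ref,))
    # Keywords beside $ref are kept and win over inlined ones (draft 2019-09+ semantics).
    siblings = {k: unroll(v, registry, _stack) for k, v in schema.items() if k != "$ref"}
    return {**inlined, **siblings}
```

The result of `unroll(ROOT, REGISTRY)` is a plain dict that can be dumped straight back out as a schema; `external_refs` on it returns an empty list.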

this hackerbot-claw thing is a good reminder: attackers (and beg bounty spammers) are using zizmor for offensive research, so you should be using it for defense!

https://docs.zizmor.sh/

Welcome to zizmor's documentation! - zizmor

Static analysis for GitHub Actions

I would personally not be happy if this was the quality of my shipped product.