Skip Navigation

Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.

trufflesecurity.com Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.

Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.

tl;dr - If a project has been forked or is a fork, you can bruteforce short commit id to see commits from other projects. It doesn't matter if those projects were deleted or made private.

1
1 comments