GitHub 'Verified' Commits Can Be Rewritten Into New Hashes Without Breaking Signatures
A vulnerability has been discovered in GitHub's commit verification process, allowing unsigned commits to be rewritten with new hashes while retaining valid signatures, which undermines the uniqueness