You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What GitHub Actions topic or product is this about?
General
Discussion Details
Urgent Account Restoration Request — asrar‑mared
Introduction
I, asrar‑mared, an independent security researcher from Egypt, submit this formal request following the unexpected suspension of my GitHub account without prior notice or official explanation. This suspension has directly impacted my ability to continue critical contributions to the GitHub ecosystem, including the discovery of 119 critical vulnerabilities in a single NPM library and continuous work across GHSA, CVE, and advisory improvements.
I still have full access to all recovery methods, including my password, verified emails, SSH keys, and personal access tokens. I completed every documented recovery step, yet GitHub is not sending any official recovery email. This indicates a system‑level issue, not a missing‑credentials problem.
Timeline of Events
Discovered 119 critical vulnerabilities in an NPM library, including:
SQL Injection
XSS
Authentication Bypass
All classified as Critical, affecting millions of users.
Developed a 9‑stage automated remediation script, fully documented with video evidence.
Submitted multiple PRs that were auto‑approved and merged by GitHub’s automation system.
Encountered identity issues due to mismatched emails on my mobile device, causing commit attribution conflicts.
Paid for GitHub subscription via Google Play; payment was processed and invoiced, yet the account was suspended afterward.
Internal GitHub Evidence
My repositories contain full documented history of my security work, including 49+ resolved vulnerabilities, CVE mappings, remediation scripts, and advisory improvements:
Full access to all repositories, contributions, and historical data.
Official acknowledgment of the documented security contributions.
Assurance that no future suspension occurs without notice or appeal opportunity.
Escalation of my case to a human reviewer, as all recovery methods are available but the system refuses to send verification emails.
Conclusion
All evidence provided is verifiable through GitHub’s own infrastructure. I request an urgent human review and full restoration of my account within 24–48 hours.
asrar‑mared
Independent Security Researcher
Discoverer of 119 critical vulnerabilities
Developer of the 9‑stage automated remediation script
Additional Statement from the Researcher
I would like to clarify that I still have full access to all my recovery methods. I have my password, all my verified email addresses, my SSH keys, and my personal access tokens. I followed every documented recovery step exactly as required, yet GitHub is not sending any official recovery or verification email to my registered addresses. This confirms that the issue is not related to missing credentials or user error, but rather a system‑level problem affecting my account.
My account contains extensive and verifiable security work, including GHSA improvements, CVE contributions, automated remediation scripts, and a long history of vulnerability discovery and advisory enhancements. If required, I am fully prepared to provide a complete evidence file containing logs, timestamps, repository activity, and documentation of all security operations performed.
Given that all recovery requirements have been fulfilled and the system still refuses to send verification emails, I respectfully request that my case be escalated to the appropriate human review team. This situation directly affects ongoing security contributions and requires immediate attention.
Did I make a mistake when I found ten thousand people stuck because of security vulnerabilities and fixed them? Is it my fault that I contributed to the community without expecting anything in return? Does the security platform update I implemented benefit only me? I log in every day while being threatened by dozens of hackers—does that mean I should stop helping the community?
Compare the number of vulnerabilities I fixed in one month with the number of solutions I delivered—not just a single fix, but a complete system that I monitored for six months. Did I lose all of that, or is this discrimination?
If they had found that I did something that deserved my account being suspended, I would have sent them six files to upload to GitHub in 2026, all completely free of vulnerabilities. Six months of exhausting work from my phone, and then someone steps in to take all that effort away? I am not a child.
I am clarifying this because I am the one saying: if anything appears that violates my rights, I will publish the six files on the platform, all free of vulnerabilities.
I will also include all recorded evidence, including YouTube videos showing the full vulnerability discovery and remediation process step‑by‑step. All my work is fully documented, time‑stamped, and verifiable, and I am prepared to provide every link and proof publicly to ensure full transparency.
ActionsBuild, test, and automate your deployment pipeline with world-class CI/CDGeneralGeneral topics and discussions that don't fit into other categories, but are related to GitHubQuestionAsk and answer questions about GitHub features and usageWelcome 🎉Used to greet and highlight first-time discussion participants. Welcome to the community!
1 participant
Heading
Bold
Italic
Quote
Code
Link
Numbered list
Unordered list
Task list
Attach files
Mention
Reference
Menu
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
GitHub Community
Uh oh!
There was an error while loading. Please reload this page.
-
Why are you starting this discussion?
Question
What GitHub Actions topic or product is this about?
General
Discussion Details
Urgent Account Restoration Request — asrar‑mared
Introduction
I, asrar‑mared, an independent security researcher from Egypt, submit this formal request following the unexpected suspension of my GitHub account without prior notice or official explanation. This suspension has directly impacted my ability to continue critical contributions to the GitHub ecosystem, including the discovery of 119 critical vulnerabilities in a single NPM library and continuous work across GHSA, CVE, and advisory improvements.
I still have full access to all recovery methods, including my password, verified emails, SSH keys, and personal access tokens. I completed every documented recovery step, yet GitHub is not sending any official recovery email. This indicates a system‑level issue, not a missing‑credentials problem.
Timeline of Events
All classified as Critical, affecting millions of users.
Writing objects: 100% (380198/380198), 120.56 MiB | 47.05 MiB/s Resolving deltas: 100% (114572/114572) Bypassed rule violations for refs/heads/masterImpact of the Suspension
Evidence Section
Video Evidence
YouTube: https://youtu.be/hInB4o06HCM?si=oCSMk0FlbZMFSZcJ (youtu.be in Bing)
http://vt.tiktok.com/ZSmWCSJfq
Image Evidence
Five screenshots documenting:
Internal GitHub Evidence
My repositories contain full documented history of my security work, including 49+ resolved vulnerabilities, CVE mappings, remediation scripts, and advisory improvements:
These repositories remain publicly visible and verifiable even while my account is suspended.
Automated Security Actions (System Activity IDs)
GitHub’s internal logs confirm automated security operations triggered on my repositories:
GHSA Contributions (Selection)
CVE Contributions
Formal Request
I respectfully request:
Conclusion
All evidence provided is verifiable through GitHub’s own infrastructure. I request an urgent human review and full restoration of my account within 24–48 hours.
asrar‑mared
Independent Security Researcher
Discoverer of 119 critical vulnerabilities
Developer of the 9‑stage automated remediation script
Additional Statement from the Researcher
I would like to clarify that I still have full access to all my recovery methods. I have my password, all my verified email addresses, my SSH keys, and my personal access tokens. I followed every documented recovery step exactly as required, yet GitHub is not sending any official recovery or verification email to my registered addresses. This confirms that the issue is not related to missing credentials or user error, but rather a system‑level problem affecting my account.
My account contains extensive and verifiable security work, including GHSA improvements, CVE contributions, automated remediation scripts, and a long history of vulnerability discovery and advisory enhancements. If required, I am fully prepared to provide a complete evidence file containing logs, timestamps, repository activity, and documentation of all security operations performed.
Given that all recovery requirements have been fulfilled and the system still refuses to send verification emails, I respectfully request that my case be escalated to the appropriate human review team. This situation directly affects ongoing security contributions and requires immediate attention.
Did I make a mistake when I found ten thousand people stuck because of security vulnerabilities and fixed them? Is it my fault that I contributed to the community without expecting anything in return? Does the security platform update I implemented benefit only me? I log in every day while being threatened by dozens of hackers—does that mean I should stop helping the community?
Compare the number of vulnerabilities I fixed in one month with the number of solutions I delivered—not just a single fix, but a complete system that I monitored for six months. Did I lose all of that, or is this discrimination?
If they had found that I did something that deserved my account being suspended, I would have sent them six files to upload to GitHub in 2026, all completely free of vulnerabilities. Six months of exhausting work from my phone, and then someone steps in to take all that effort away? I am not a child.
I am clarifying this because I am the one saying: if anything appears that violates my rights, I will publish the six files on the platform, all free of vulnerabilities.
I will also include all recorded evidence, including YouTube videos showing the full vulnerability discovery and remediation process step‑by‑step. All my work is fully documented, time‑stamped, and verifiable, and I am prepared to provide every link and proof publicly to ensure full transparency.
https://youtu.be/hInB4o06HCM?si=82-wvVwmpxzUqYWg
https://youtube.com/shorts/vicrJxOpGhM?si=mW_wCRR_no7EfgEZ
https://youtube.com/shorts/8I37BZP6_uI?si=iPFiaX4uTTQQSd3C
Urgent__Account_Restoration_Request___asrar-mared__Security_Contributions_ (1).pdf
Beta Was this translation helpful? Give feedback.
All reactions