When a build server injects a Github access token into a container to run a package manager, this should be deleted straight after it is used. Version control access tokens are often present on production infrastructure, allowing an attacker to clone all repositories in the Github org.
PHP Object Instantiation attacks are an appsec issue in PHP applications. They rely on meta-programming used to instantiate classes from user-defined classnames.
Object Injection in PHP. Object Injection vulnerability is security issue with PHP applications using the unserialize() function. In the worst case, it can lead to remote code execution.