
You all know that in Germany for example it is strictly forbidden to publish/code such tools.

From what I know there are also other countries that do the same.

So now GitHub would have to implement region availability not to get into trouble with German law.

Let alone this is so fresh that preventing script kiddies from downloading a tool is a perfectly valid move.



Yeah nah. While the particular law is incredibly vague nonsense, if the purpose of the tool is security research or to harden your infrastructure against the impact of the vulnerability (as opposed to preparation of an actual crime) it would not be illegal to publish this in Germany.


Could you go into this a bit, is there caselaw you're relying on? AIUI (and I've not been following closely) Germany's equivalent to CFAA (in USA, or CMA in UK) makes the provision of 'hacker' tools capable of being used for intrusion to be a crime. Honestly, I thought it was an absolute liability law (that you can't work around by proving you had no ill intent)?


IANAL but the few cases I'm aware of have all been thrown out. The hacker tool provision in question starts out from a position of intent [0] (which was part of why a high-profile case where a journalist sued themselves was thrown out). I'm honestly not aware of a case where this was successfully applied in court since its inception in 2007. I might have missed some smaller stuff over the years but as long as you're not actively advertising your make-pretend "dual use" malware exclusively on the dark net you'd likely be fine. Germany's supreme court has relatively early on argued on a pretty strict interpretation of the paragraph (according to various publications related to [1] back around 2010).

There have apparently been a few search warrants that referenced it but otherwise it's pretty much the toothless tiger you'd expect from a country that relies on potentially "dual use" software the paragraph would likely apply to in wider interpretations (or at least seems to be in constant talks with spyware manufacturers for their own executive branches).

[0] https://dejure.org/gesetze/StGB/202c.htm

[1] https://dejure.org/dienste/vernetzung/rechtsprechung?Text=2%...

edit: Okay, apparently I've missed a few [3] where it was actually applied. Maybe don't spy on people using keyloggers, but I'm sure other laws cover that part as well.

[3] https://dejure.org/dienste/lex/StGB/202c/1.html


Thanks, I'm not really a German language reader so that gives me something to go on with.


They already have the mechanism in place and actively use it to block content by region as requested by respective governments.

https://docs.github.com/en/github/site-policy/github-governm...

https://github.com/github/gov-takedowns



