Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-26wh-cc3r-w6pj
  • GitHub Actions/canonical/get-workflow-version-action
 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output 02 Apr
  • Fix available
  • Severity - 8.2 (High)
GHSA-qmg3-hpqr-gqvc
  • GitHub Actions/reviewdog/action-setup
 Multiple Reviewdog actions were compromised during a specific time period 19 Mar
  • No fix available
  • Severity - 8.6 (High)
GHSA-mrrh-fwg8-r2c3
  • GitHub Actions/tj-actions/changed-files
 tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. 15 Mar
  • Fix available
  • Severity - 8.6 (High)
GHSA-5xr6-xhww-33m4
  • GitHub Actions/dawidd6/action-download-artifact
 Artifact poisoning vulnerability in action-download-artifact v5 and earlier 25 Nov 2024
  • Fix available
  • Severity - 8.7 (High)
GHSA-g85v-wf27-67xc
  • GitHub Actions/step-security/harden-runner
 Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` 18 Nov 2024
  • Fix available
  • Severity - 2.7 (Low)
GHSA-cxww-7g56-2vh6
  • GitHub Actions/actions/download-artifact
 @actions/download-artifact has an Arbitrary File Write via artifact extraction 03 Sep 2024
  • Fix available
  • Severity - 8.6 (High)
GHSA-7x29-qqmq-v6qc
  • GitHub Actions/ultralytics/actions
 GitHub Actions Script Injection in `ultralytics/actions` 14 Aug 2024
  • Fix available
  • Severity - 7.8 (High)
GHSA-xj87-mqvh-88w2
  • GitHub Actions/fish-shop/syntax-check
 fish-shop/syntax-check Improper Neutralization of Delimiters 12 Aug 2024
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-7f32-hm4h-w77q
  • GitHub Actions/rlespinasse/github-slug-action
 github-slug-action use of `set-env` Runner commands which are processed via stdout 03 Feb 2024
  • Fix available
GHSA-ghm2-rq8q-wrhc
  • GitHub Actions/tj-actions/verify-changed-files
 Potential Actions command injection in output filenames (GHSL-2023-275) 02 Jan 2024
  • Fix available
  • Severity - 7.7 (High)
GHSA-mcph-m25j-8j63
  • GitHub Actions/tj-actions/changed-files
 tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) 02 Jan 2024
  • Fix available
  • Severity - 7.3 (High)
GHSA-99jg-r3f4-rpxj
  • GitHub Actions/afichet/openexr-viewer
 memory overflow vulnerability in OpenEXR-viewer 12 Dec 2023
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-8v8w-v8xg-79rf
  • GitHub Actions/tj-actions/branch-names
 tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection 05 Dec 2023
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-hw6r-g8gj-2987
  • GitHub Actions/https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
 Actions expression injection in `filter-test-configs` (`GHSL-2023-181`) 30 Aug 2023
  • No fix available
GHSA-h3qr-39j9-4r5v
  • GitHub Actions/gradle/gradle-build-action
 Data written to GitHub Actions Cache may expose secrets 01 May 2023
  • Fix available
  • Severity - 7.6 (High)
GHSA-rg3q-prf8-qxmp
  • GitHub Actions/embano1/wip
 Arbitrary command injection in embano1/wip 24 Apr 2023
  • Fix available
  • Severity - 8.8 (High)
Load more...(1 page left)