Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-phf6-hm3h-x8qp
  • GitHub Actions/broadinstitute/cromwell
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` 28 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-m32f-fjw2-37v3
  • GitHub Actions/bullfrogsec/bullfrog
Bullfrog's DNS over TCP bypasses domain filtering 15 May
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-2487-9f55-2vg9
  • GitHub Actions/OZI-Project/publish
OZI-Project/ozi-publish Code Injection vulnerability 12 May
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-mxr3-8whj-j74r
  • GitHub Actions/step-security/harden-runner
Harden-Runner allows evasion of 'disable-sudo' policy 22 Apr
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-26wh-cc3r-w6pj
  • GitHub Actions/canonical/get-workflow-version-action
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output 02 Apr
  • Fix available
  • Severity - 8.2 (High)
GHSA-qmg3-hpqr-gqvc
  • GitHub Actions/reviewdog/action-setup
Multiple Reviewdog actions were compromised during a specific time period 19 Mar
  • No fix available
  • Severity - 8.6 (High)
GHSA-mrrh-fwg8-r2c3
  • GitHub Actions/tj-actions/changed-files
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. 15 Mar
  • Fix available
  • Severity - 8.6 (High)
GHSA-5xr6-xhww-33m4
  • GitHub Actions/dawidd6/action-download-artifact
Artifact poisoning vulnerability in action-download-artifact v5 and earlier 25 Nov 2024
  • Fix available
  • Severity - 8.7 (High)
GHSA-g85v-wf27-67xc
  • GitHub Actions/step-security/harden-runner
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` 18 Nov 2024
  • Fix available
  • Severity - 2.7 (Low)
GHSA-cxww-7g56-2vh6
  • GitHub Actions/actions/download-artifact
@actions/download-artifact has an Arbitrary File Write via artifact extraction 03 Sep 2024
  • Fix available
  • Severity - 8.6 (High)
GHSA-7x29-qqmq-v6qc
  • GitHub Actions/ultralytics/actions
GitHub Actions Script Injection in `ultralytics/actions` 14 Aug 2024
  • Fix available
  • Severity - 7.8 (High)
GHSA-xj87-mqvh-88w2
  • GitHub Actions/fish-shop/syntax-check
fish-shop/syntax-check Improper Neutralization of Delimiters 12 Aug 2024
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-7f32-hm4h-w77q
  • GitHub Actions/rlespinasse/github-slug-action
github-slug-action use of `set-env` Runner commands which are processed via stdout 03 Feb 2024
  • Fix available
GHSA-ghm2-rq8q-wrhc
  • GitHub Actions/tj-actions/verify-changed-files
Potential Actions command injection in output filenames (GHSL-2023-275) 02 Jan 2024
  • Fix available
  • Severity - 7.7 (High)
GHSA-mcph-m25j-8j63
  • GitHub Actions/tj-actions/changed-files
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271) 02 Jan 2024
  • Fix available
  • Severity - 7.3 (High)
GHSA-99jg-r3f4-rpxj
  • GitHub Actions/afichet/openexr-viewer
memory overflow vulnerability in OpenEXR-viewer 12 Dec 2023
  • Fix available
  • Severity - 9.8 (Critical)