Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-pwf7-47c3-mfhx
  • Package: GitHub Actions/j178/prek-action
  • Summary: j178/prek-action vulnerable to arbitrary code injection in composite action
  • Published: 29 Sep
  • Fix available
  • Severity - 9.9 (Critical)
GHSA-5xq9-5g24-4g6f
  • Package: GitHub Actions/SonarSource/sonarqube-scan-action
  • Summary: Argument injection vulnerability in SonarQube Scan Action
  • Published: 26 Sep
  • Fix available
  • Severity - 7.7 (High)
GHSA-vxmw-7h4f-hqxh
  • Package: GitHub Actions/pypa/gh-action-pypi-publish
  • Summary: PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
  • Published: 04 Sep
  • Fix available
GHSA-f79p-9c5r-xg88
  • Package: GitHub Actions/SonarSource/sonarqube-scan-action
  • Summary: Command Injection via sonarqube-scan-action GitHub Action
  • Published: 02 Sep
  • Fix available
  • Severity - 7.8 (High)
GHSA-65rg-554r-9j5x
  • Package: GitHub Actions/lycheeverse/lychee-action
  • Summary: lychee link checking action affected by arbitrary code injection in composite action
  • Published: 28 Aug
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-x6gv-2rvh-qmp6
  • Package: GitHub Actions/m00nl1ght-dev/steam-workshop-deploy
  • Package: GitHub Actions/BoldestDungeon/steam-workshop-deploy
  • Summary: m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
  • Published: 13 Aug
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-gq52-6phf-x2r6
  • Package: GitHub Actions/tj-actions/branch-names
  • Summary: tj-actions/branch-names has a Command Injection Vulnerability
  • Published: 25 Jul
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-c5qx-p38x-qf5w
  • Package: GitHub Actions/RageAgainstThePixel/setup-steamcmd
  • Summary: RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
  • Published: 21 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-mj96-mh85-r574
  • Package: GitHub Actions/buildalon/setup-steamcmd
  • Summary: buildalon/setup-steamcmd leaked authentication token in job output logs
  • Published: 21 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-phf6-hm3h-x8qp
  • Package: GitHub Actions/broadinstitute/cromwell
  • Summary: Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
  • Published: 28 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-m32f-fjw2-37v3
  • Package: GitHub Actions/bullfrogsec/bullfrog
  • Summary: Bullfrog's DNS over TCP bypasses domain filtering
  • Published: 15 May
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-2487-9f55-2vg9
  • Package: GitHub Actions/OZI-Project/publish
  • Summary: OZI-Project/ozi-publish Code Injection vulnerability
  • Published: 12 May
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-mxr3-8whj-j74r
  • Package: GitHub Actions/step-security/harden-runner
  • Summary: Harden-Runner allows evasion of 'disable-sudo' policy
  • Published: 22 Apr
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-26wh-cc3r-w6pj
  • Package: GitHub Actions/canonical/get-workflow-version-action
  • Summary: canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
  • Published: 02 Apr
  • Fix available
  • Severity - 8.2 (High)
GHSA-qmg3-hpqr-gqvc
  • Package: GitHub Actions/reviewdog/action-setup
  • Summary: Multiple Reviewdog actions were compromised during a specific time period
  • Published: 19 Mar
  • No fix available
  • Severity - 8.6 (High)
GHSA-mrrh-fwg8-r2c3
  • Package: GitHub Actions/tj-actions/changed-files
  • Summary: tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
  • Published: 15 Mar
  • Fix available
  • Severity - 8.6 (High)