Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-65rg-554r-9j5x
  • GitHub Actions/lycheeverse/lychee-action
 lychee link checking action affected by arbitrary code injection in composite action 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-x6gv-2rvh-qmp6
  • GitHub Actions/m00nl1ght-dev/steam-workshop-deploy
  • GitHub Actions/BoldestDungeon/steam-workshop-deploy
 m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials 13 Aug
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-gq52-6phf-x2r6
  • GitHub Actions/tj-actions/branch-names
 tj-actions/branch-names has a Command Injection Vulnerability 25 Jul
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-c5qx-p38x-qf5w
  • GitHub Actions/RageAgainstThePixel/setup-steamcmd
 RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs 21 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-mj96-mh85-r574
  • GitHub Actions/buildalon/setup-steamcmd
 buildalon/setup-steamcmd leaked authentication token in job output logs 21 Jul
  • Fix available
  • Severity - 8.7 (High)
GHSA-phf6-hm3h-x8qp
  • GitHub Actions/broadinstitute/cromwell
 Cromwell GitHub Actions Secrets exfiltration via `Issue_comment` 28 May
  • Fix available
  • Severity - 9.1 (Critical)
GHSA-m32f-fjw2-37v3
  • GitHub Actions/bullfrogsec/bullfrog
 Bullfrog's DNS over TCP bypasses domain filtering 15 May
  • Fix available
  • Severity - 6.2 (Medium)
GHSA-2487-9f55-2vg9
  • GitHub Actions/OZI-Project/publish
 OZI-Project/ozi-publish Code Injection vulnerability 12 May
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-mxr3-8whj-j74r
  • GitHub Actions/step-security/harden-runner
 Harden-Runner allows evasion of 'disable-sudo' policy 22 Apr
  • Fix available
  • Severity - 6.0 (Medium)
GHSA-26wh-cc3r-w6pj
  • GitHub Actions/canonical/get-workflow-version-action
 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output 02 Apr
  • Fix available
  • Severity - 8.2 (High)
GHSA-qmg3-hpqr-gqvc
  • GitHub Actions/reviewdog/action-setup
 Multiple Reviewdog actions were compromised during a specific time period 19 Mar
  • No fix available
  • Severity - 8.6 (High)
GHSA-mrrh-fwg8-r2c3
  • GitHub Actions/tj-actions/changed-files
 tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs. 15 Mar
  • Fix available
  • Severity - 8.6 (High)
GHSA-5xr6-xhww-33m4
  • GitHub Actions/dawidd6/action-download-artifact
 Artifact poisoning vulnerability in action-download-artifact v5 and earlier 25 Nov 2024
  • Fix available
  • Severity - 8.7 (High)
GHSA-g85v-wf27-67xc
  • GitHub Actions/step-security/harden-runner
 Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts` 18 Nov 2024
  • Fix available
  • Severity - 2.7 (Low)
GHSA-cxww-7g56-2vh6
  • GitHub Actions/actions/download-artifact
 @actions/download-artifact has an Arbitrary File Write via artifact extraction 03 Sep 2024
  • Fix available
  • Severity - 8.6 (High)
GHSA-7x29-qqmq-v6qc
  • GitHub Actions/ultralytics/actions
 GitHub Actions Script Injection in `ultralytics/actions` 14 Aug 2024
  • Fix available
  • Severity - 7.8 (High)
Load more...(2 pages left)