Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

High

GSA_kwCzR0hTQS0yYzZtLTZncWgtNnFnM84AAvie

Docker Command Escaping in the GitHub Actions Runner
Ecosystems: actions
Packages: actions/runner
Source: GitHub Advisory Database
Published: 3 months ago

High

GSA_kwCzR0hTQS1mOXFqLTdnaDMtbWhqNM4AAvcr

run-terraform allows for RCE via terraform plan
Ecosystems: actions
Packages: kartverket/github-workflows
Source: GitHub Advisory Database
Published: 4 months ago

Critical

GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB

gajira-create GitHub action vulnerable to arbitrary code execution
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Published: 4 months ago

Moderate

GSA_kwCzR0hTQS02MzRwLTkzaDktOTJ2aM4AAu2Z

ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Ecosystems: actions
Packages: some-natalie/ghas-to-csv
Source: GitHub Advisory Database
Published: 5 months ago

Critical

GSA_kwCzR0hTQS1nODZnLWNobTgtN3IycM4AAtvI

check-spelling workflow vulnerable to token leakage via symlink attack
Ecosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Published: 6 months ago

High

GSA_kwCzR0hTQS00bWd2LW01Y20tZjloN84AAobT

Vault GitHub Action did not correctly mask multi-line secrets in output
Ecosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Published: 9 months ago

Filter by Severity

Moderate 4,475 High 4,156 Critical 1,894 Low 621

Filter by Ecosystem

maven 3,466 npm 2,960 pypi 2,374 packagist 1,397 go 942 nuget 901 rubygems 640 cargo 575 hex 21 actions 6 pub 4

Filter by Package

kartverket/github-workflows 1 actions/runner 1 check-spelling/check-spelling 1 hashicorp/vault-action 1 some-natalie/ghas-to-csv 1 atlassian/gajira-create 1