Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
actions Security Advisories
Loading...
Critical
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB
gajira-create GitHub action vulnerable to arbitrary code executionEcosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
Ecosystems: actions
Packages: some-natalie/ghas-to-csv
Source: GitHub Advisory Database
Published: 9 months ago
GSA_kwCzR0hTQS02MzRwLTkzaDktOTJ2aM4AAu2Z
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV FileEcosystems: actions
Packages: some-natalie/ghas-to-csv
Source: GitHub Advisory Database
Published: 9 months ago
High
Ecosystems: actions
Packages: embano1/wip
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1yZzNxLXByZjgtcXhtcM4AAy86
Arbitrary command injection in embano1/wipEcosystems: actions
Packages: embano1/wip
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: actions
Packages: gradle/gradle-build-action
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1oM3FyLTM5ajktNHI1ds4AAzCh
Data written to GitHub Actions Cache may expose secretsEcosystems: actions
Packages: gradle/gradle-build-action
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
Ecosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Published: 10 months ago
GSA_kwCzR0hTQS1nODZnLWNobTgtN3IycM4AAtvI
check-spelling workflow vulnerable to token leakage via symlink attackEcosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Published: 10 months ago
High
Ecosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Published: about 1 year ago
GSA_kwCzR0hTQS00bWd2LW01Y20tZjloN84AAobT
Vault GitHub Action did not correctly mask multi-line secrets in outputEcosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Published: about 1 year ago
High
Ecosystems: actions
Packages: actions/runner
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS0yYzZtLTZncWgtNnFnM84AAvie
Docker Command Escaping in the GitHub Actions RunnerEcosystems: actions
Packages: actions/runner
Source: GitHub Advisory Database
Published: 8 months ago
High
Ecosystems: actions
Packages: kartverket/github-workflows
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1mOXFqLTdnaDMtbWhqNM4AAvcr
run-terraform allows for RCE via terraform planEcosystems: actions
Packages: kartverket/github-workflows
Source: GitHub Advisory Database
Published: 8 months ago
Low
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lowerEcosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS02cTRtLTc0NzYtOTMyd84AAyEx
github-slug-action vulnerable to arbitrary code executionEcosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Published: 3 months ago
Filter by Severity
Filter by Ecosystem