Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
actions Security Advisories
Browse all Security Advisories for actions
Low
Ecosystems: actions
Packages: step-security/harden-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
GSA_kwCzR0hTQS1nODV2LXdmMjctNjd4Y84ABBec
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
High
Ecosystems: actions
Packages: actions/download-artifact
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1jeHd3LTdnNTYtMnZoNs4AA_QJ
@actions/download-artifact has an Arbitrary File Write via artifact extraction
High
Ecosystems: actions
Packages: ultralytics/actions
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS03eDI5LXFxbXEtdjZxY84AA-q-
GitHub Actions Script Injection in `ultralytics/actions`
Moderate
Ecosystems: actions
Packages: fish-shop/syntax-check
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS14ajg3LW1xdmgtODh3Ms4AA-jK
fish-shop/syntax-check Improper Neutralization of Delimiters
Moderate
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
github-slug-action use of `set-env` Runner commands which are processed via stdout
High
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
High
Ecosystems: actions
Packages: tj-actions/changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Critical
Ecosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS05OWpnLXIzZjQtcnB4as4AA3ss
memory overflow vulnerability in OpenEXR-viewer
Critical
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Moderate
Ecosystems: actions
Packages: https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1odzZyLWc4Z2otMjk4N84AA1lL
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
High
Ecosystems: actions
Packages: gradle/gradle-build-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1oM3FyLTM5ajktNHI1ds4AAzCh
Data written to GitHub Actions Cache may expose secrets
High
Ecosystems: actions
Packages: embano1/wip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1yZzNxLXByZjgtcXhtcM4AAy86
Arbitrary command injection in embano1/wip
High
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS02cTRtLTc0NzYtOTMyd84AAyEx
github-slug-action vulnerable to arbitrary code execution
Low
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
High
Ecosystems: actions
Packages: actions/runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS0yYzZtLTZncWgtNnFnM84AAvie
Docker Command Escaping in the GitHub Actions Runner
High
Ecosystems: actions
Packages: kartverket/github-workflows
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1mOXFqLTdnaDMtbWhqNM4AAvcr
run-terraform allows for RCE via terraform plan
Critical
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB
gajira-create GitHub action vulnerable to arbitrary code execution
Moderate
Ecosystems: actions
Packages: some-natalie/ghas-to-csv
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS02MzRwLTkzaDktOTJ2aM4AAu2Z
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
Critical
Ecosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS1nODZnLWNobTgtN3IycM4AAtvI
check-spelling workflow vulnerable to token leakage via symlink attack
High
Ecosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS00bWd2LW01Y20tZjloN84AAobT
Vault GitHub Action did not correctly mask multi-line secrets in output
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 19
Ecosystems: 12
Filter by Package
rlespinasse/github-slug-action (2)
ultralytics/actions (1)
embano1/wip (1)
gradle/gradle-build-action (1)
actions/runner (1)
kartverket/github-workflows (1)
hashicorp/vault-action (1)
check-spelling/check-spelling (1)
atlassian/gajira-create (1)
Azure/setup-kubectl (1)
https://github.com/pytorch/pytorch/.github/actions/filter-test-configs (1)
tj-actions/branch-names (1)
afichet/openexr-viewer (1)
tj-actions/verify-changed-files (1)
actions/download-artifact (1)
step-security/harden-runner (1)
tj-actions/changed-files (1)
some-natalie/ghas-to-csv (1)
fish-shop/syntax-check (1)
Filter by Repository
https://github.com/rlespinasse/github-slug-action (2)
https://github.com/actions/download-artifact (1)
https://github.com/actions/runner (1)
https://github.com/afichet/openexr-viewer (1)
https://github.com/atlassian/gajira-create (1)
https://github.com/Azure/setup-kubectl (1)
https://github.com/check-spelling/check-spelling (1)
https://github.com/embano1/wip (1)
https://github.com/fish-shop/syntax-check (1)
https://github.com/gradle/gradle-build-action (1)
https://github.com/hashicorp/vault-action (1)
https://github.com/kartverket/github-workflows (1)
https://github.com/pytorch/pytorch (1)
https://github.com/some-natalie/ghas-to-csv (1)
https://github.com/step-security/harden-runner (1)
https://github.com/tj-actions/branch-names (1)
https://github.com/tj-actions/changed-files (1)
https://github.com/tj-actions/verify-changed-files (1)
https://github.com/ultralytics/actions (1)