Browse Security Advisories
Security Advisories in actions
Critical
4 days ago
tj-actions/branch-names has a Command Injection Vulnerability
actions
tj-actions/branch-names
High
8 days ago
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
actions
RageAgainstThePixel/setup-steamcmd
High
8 days ago
buildalon/setup-steamcmd leaked authentication token in job output logs
actions
buildalon/setup-steamcmd
Critical
2 months ago
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
actions
broadinstitute/cromwell
Moderate
3 months ago
Bullfrog's DNS over TCP bypasses domain filtering
actions
bullfrogsec/bullfrog
Moderate
3 months ago
OZI-Project/ozi-publish Code Injection vulnerability
actions
OZI-Project/publish
Moderate
3 months ago
Harden-Runner allows evasion of 'disable-sudo' policy
actions
step-security/harden-runner
High
4 months ago
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
actions
canonical/get-workflow-version-action
High
4 months ago
Multiple Reviewdog actions were compromised during a specific time period
actions
reviewdog/action-setup
High
5 months ago
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
actions
tj-actions/changed-files
High
8 months ago
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
actions
dawidd6/action-download-artifact
Low
8 months ago
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
actions
step-security/harden-runner
High
11 months ago
@actions/download-artifact has an Arbitrary File Write via artifact extraction
actions
actions/download-artifact
High
12 months ago
GitHub Actions Script Injection in `ultralytics/actions`
actions
ultralytics/actions
Moderate
12 months ago
fish-shop/syntax-check Improper Neutralization of Delimiters
actions
fish-shop/syntax-check
Moderate
over 1 year ago
github-slug-action use of `set-env` Runner commands which are processed via stdout
actions
rlespinasse/github-slug-action
High
over 1 year ago
Potential Actions command injection in output filenames (GHSL-2023-275)
actions
tj-actions/verify-changed-files
High
over 1 year ago
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
actions
tj-actions/changed-files
Critical
over 1 year ago
memory overflow vulnerability in OpenEXR-viewer
actions
afichet/openexr-viewer
Critical
over 1 year ago
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
actions
tj-actions/branch-names
Moderate
almost 2 years ago
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
actions
https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
High
about 2 years ago
Data written to GitHub Actions Cache may expose secrets
actions
gradle/gradle-build-action
High
over 2 years ago
github-slug-action vulnerable to arbitrary code execution
actions
rlespinasse/github-slug-action
Low
over 2 years ago
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
actions
Azure/setup-kubectl
High
almost 3 years ago
run-terraform allows for RCE via terraform plan
actions
kartverket/github-workflows
Critical
almost 3 years ago
gajira-create GitHub action vulnerable to arbitrary code execution
actions
atlassian/gajira-create
Moderate
almost 3 years ago
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
actions
some-natalie/ghas-to-csv
Critical
about 3 years ago
check-spelling workflow vulnerable to token leakage via symlink attack
actions
check-spelling/check-spelling
High
about 3 years ago
Vault GitHub Action did not correctly mask multi-line secrets in output
actions
hashicorp/vault-action