actions
32,232 packages · github actions
Security Advisories in actions
Critical
2 days ago
j178/prek-action vulnerable to arbitrary code injection in composite action
actions
j178/prek-action
High
5 days ago
Argument injection vulnerability in SonarQube Scan Action
actions
SonarSource/sonarqube-scan-action
Low
27 days ago
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
actions
pypa/gh-action-pypi-publish
High
29 days ago
Command Injection via sonarqube-scan-action GitHub Action
actions
SonarSource/sonarqube-scan-action
Moderate
about 1 month ago
lychee link checking action affected by arbitrary code injection in composite action
actions
lycheeverse/lychee-action
Critical
about 2 months ago
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
actions
BoldestDungeon/steam-workshop-deploy, m00nl1ght-dev/steam-workshop-deploy
Critical
2 months ago
tj-actions/branch-names has a Command Injection Vulnerability
actions
tj-actions/branch-names
High
2 months ago
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
actions
RageAgainstThePixel/setup-steamcmd
High
2 months ago
buildalon/setup-steamcmd leaked authentication token in job output logs
actions
buildalon/setup-steamcmd
Critical
4 months ago
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
actions
broadinstitute/cromwell
Moderate
5 months ago
Bullfrog's DNS over TCP bypasses domain filtering
actions
bullfrogsec/bullfrog
Moderate
5 months ago
OZI-Project/ozi-publish Code Injection vulnerability
actions
OZI-Project/publish
Moderate
5 months ago
Harden-Runner allows evasion of 'disable-sudo' policy
actions
step-security/harden-runner
High
6 months ago
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
actions
canonical/get-workflow-version-action
High
7 months ago
Multiple Reviewdog actions were compromised during a specific time period
actions
reviewdog/action-setup
High
7 months ago
tj-actions changed-files through 45.0.7 allows remote attackers to discover secrets by reading actions logs.
actions
tj-actions/changed-files
High
10 months ago
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
actions
dawidd6/action-download-artifact
Low
11 months ago
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
actions
step-security/harden-runner
High
about 1 year ago
@actions/download-artifact has an Arbitrary File Write via artifact extraction
actions
actions/download-artifact
High
about 1 year ago
GitHub Actions Script Injection in `ultralytics/actions`
actions
ultralytics/actions
Moderate
about 1 year ago
fish-shop/syntax-check Improper Neutralization of Delimiters
actions
fish-shop/syntax-check
Moderate
over 1 year ago
github-slug-action use of `set-env` Runner commands which are processed via stdout
actions
rlespinasse/github-slug-action
High
over 1 year ago
Potential Actions command injection in output filenames (GHSL-2023-275)
actions
tj-actions/verify-changed-files
High
over 1 year ago
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
actions
tj-actions/changed-files
Critical
almost 2 years ago
memory overflow vulnerability in OpenEXR-viewer
actions
afichet/openexr-viewer
Critical
almost 2 years ago
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
actions
tj-actions/branch-names
Moderate
about 2 years ago
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
actions
https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
High
over 2 years ago
Data written to GitHub Actions Cache may expose secrets
actions
gradle/gradle-build-action
High
over 2 years ago
github-slug-action vulnerable to arbitrary code execution
actions
rlespinasse/github-slug-action
Low
over 2 years ago
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
actions
Azure/setup-kubectl
High
almost 3 years ago
run-terraform allows for RCE via terraform plan
actions
kartverket/github-workflows
Critical
almost 3 years ago
gajira-create GitHub action vulnerable to arbitrary code execution
actions
atlassian/gajira-create
Moderate
about 3 years ago
ghas-to-csv vulnerable to Improper Neutralization of Formula Elements in a CSV File
actions
some-natalie/ghas-to-csv
Critical
about 3 years ago
check-spelling workflow vulnerable to token leakage via symlink attack
actions
check-spelling/check-spelling
High
over 3 years ago
Vault GitHub Action did not correctly mask multi-line secrets in output
actions
hashicorp/vault-action
Filter by Severity
Filter by Package
step-security/harden-runner
2
tj-actions/branch-names
2
rlespinasse/github-slug-action
2
tj-actions/changed-files
2
SonarSource/sonarqube-scan-action
2
reviewdog/action-setup
1
pypa/gh-action-pypi-publish
1
actions/download-artifact
1
fish-shop/syntax-check
1
m00nl1ght-dev/steam-workshop-deploy
1
ultralytics/actions
1
OZI-Project/publish
1
embano1/wip
1
kartverket/github-workflows
1
Azure/setup-kubectl
1
some-natalie/ghas-to-csv
1
check-spelling/check-spelling
1
atlassian/gajira-create
1
bullfrogsec/bullfrog
1
https://github.com/pytorch/pytorch/.github/actions/filter-test-configs
1
buildalon/setup-steamcmd
1
afichet/openexr-viewer
1
hashicorp/vault-action
1
broadinstitute/cromwell
1
RageAgainstThePixel/setup-steamcmd
1
actions/runner
1
canonical/get-workflow-version-action
1
gradle/gradle-build-action
1
BoldestDungeon/steam-workshop-deploy
1
tj-actions/verify-changed-files
1
lycheeverse/lychee-action
1
github/codeql-action
1
dawidd6/action-download-artifact
1
j178/prek-action
1
Filter by Repository
https://github.com/tj-actions/changed-files
2
https://github.com/tj-actions/branch-names
2
https://github.com/rlespinasse/github-slug-action
2
https://github.com/step-security/harden-runner
2
https://github.com/SonarSource/sonarqube-scan-action
2
https://github.com/kartverket/github-workflows
1
https://github.com/OZI-Project/publish
1
https://github.com/fish-shop/syntax-check
1
https://github.com/ultralytics/actions
1
https://github.com/pytorch/pytorch
1
https://github.com/j178/prek-action
1
https://github.com/buildalon/setup-steamcmd
1
https://github.com/actions/download-artifact
1
https://github.com/embano1/wip
1
https://github.com/hashicorp/vault-action
1
https://github.com/check-spelling/check-spelling
1
https://github.com/lycheeverse/lychee-action
1
https://github.com/broadinstitute/cromwell
1
https://github.com/Azure/setup-kubectl
1
https://github.com/RageAgainstThePixel/setup-steamcmd
1
https://github.com/github/codeql-action
1
https://github.com/pypa/gh-action-pypi-publish
1
https://github.com/dawidd6/action-download-artifact
1
https://github.com/atlassian/gajira-create
1
https://github.com/tj-actions/verify-changed-files
1
https://github.com/actions/runner
1
https://github.com/afichet/openexr-viewer
1
https://github.com/bullfrogsec/bullfrog
1
https://github.com/some-natalie/ghas-to-csv
1
https://github.com/gradle/gradle-build-action
1
https://github.com/BoldestDungeon/steam-workshop-deploy
1
https://github.com/reviewdog/reviewdog
1
https://github.com/canonical/get-workflow-version-action
1