actions Summary
Latest vulnerabilities published by actions
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Arbitrary Command Execution Vulnerability in tj-actions/branch-names GitHub Action
CVE-2025-54416Tj-actionsBranch-names9.1CRITICALInefficient Regular Expression Complexity in Actions Toolkit Glob by GitHub
CVE-2025-5890ActionsToolkit5.3MEDIUMAccess Control Flaw in Shiro-Action Affects Sensitive Information Exposure
CVE-2025-45613Shiro-ActionShiro-Action7.5HIGHRemote Code Execution Vulnerability in tj-actions changed-files by GitHub
CVE-2025-30066Tj-actionsChanged-filesππΎEPSS 91%π¦ 8.6HIGHPossible XSS Vulnerability in Action Pack CSP Helper
CVE-2024-54133Action PackPossible ReDoS Vulnerability in Action Text's 'plain_text_for_blockquote_node' Helper in Rails
CVE-2024-47888Action TextArbitrary File Write Vulnerability in GitHub Actions
CVE-2024-42471ActionsToolkitπΎπ‘7.3HIGHUnsanitized HTML in Rich Text Area Could Lead to Code Execution
CVE-2024-32464Action TextRails6.1MEDIUMGitHub Action tj-actions/verify-changed-files is vulnerable to command injection in output filenames
CVE-2023-52137tj-actionsverify-changed-files7.7HIGHtj-actions/changed-files command injection in output filenames
CVE-2023-51664tj-actionschanged-files7.3HIGHImproper Sanitization of Branch Name Leads to Arbitrary Code Injection
CVE-2023-49291tj-actionsbranch-names9.8CRITICALGitHub Actions Runner vulnerable to Docker Command Escaping
CVE-2022-39321ActionsRunner8.8HIGHDelimiter injection vulnerability in @actions/core exportVariable
CVE-2022-35954ActionsToolkit5MEDIUMDenial of Service Vulnerability in Actions ATS2815 Bluetooth Chipsets
CVE-2021-31787Actions-semiAts2819p Firmware6.5MEDIUMDenial of Service in Bluetooth Classic on Actions ATS2815 and ATS2819 Chipsets
CVE-2021-31785Actions-semiAts2819p Firmware6.5MEDIUMBluetooth Classic Audio Disconnection Vulnerability in Actions Devices
CVE-2021-31786Actions-semiAts2819p Firmware6.5MEDIUMCredential Exposure in EZCast Pro II from Digital Security
CVE-2019-12305Actions-microEzcast Pro Ii Firmware6.5MEDIUMEnvironment Variable Injection in GitHub Actions
CVE-2020-15228ActionsToolkitπΎπ‘3.5LOWHTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client
CVE-2020-11021ActionsHttp-client6.3MEDIUM