Browse and filter security vulnerabilities across ecosystems
CVE-2026-31976
xygeni-action v5 tag poisoned with C2 backdoor
CVE-2026-31900
Black's vulnerable version parsing leads to RCE in GitHub Action
CVE-2026-26189
Trivy Action has a script injection via sourced env file in composite action
CVE-2026-25761
Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action
CVE-2026-25598
Harden-Runner: Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)
j178/prek-action vulnerable to arbitrary code injection in composite action
CVE-2025-59844
Argument injection vulnerability in SonarQube Scan Action
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
CVE-2025-58178
Command Injection via sonarqube-scan-action GitHub Action
CVE-2024-48908
lychee link checking action affected by arbitrary code injection in composite action
m00nl1ght-dev/steam-workshop-deploy: Exposure of Version-Control Repository to an Unauthorized Control Sphere and Insufficiently Protected Credentials
CVE-2025-54416
tj-actions/branch-names has a Command Injection Vulnerability
RageAgainstThePixel/setup-steamcmd leaked authentication token in job output logs
buildalon/setup-steamcmd leaked authentication token in job output logs
Cromwell GitHub Actions Secrets exfiltration via `Issue_comment`
CVE-2025-47775
Bullfrog's DNS over TCP bypasses domain filtering
CVE-2025-47271
OZI-Project/ozi-publish Code Injection vulnerability
CVE-2025-32955
Harden-Runner allows evasion of 'disable-sudo' policy
CVE-2025-31479
canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
drm/drm_vma_manager: Add drm_vma_node_allow_once()