Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/04/02 9:9 p.m.17 views

CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...

8.2CVSS6.7AI score0.00589EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2025/03/24 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-30154

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...

8.6CVSS5.8AI score0.02296EPSS
Exploits2References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/03/24 12:0 a.m.26 views

reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability

reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs...

8.6CVSS7.4AI score0.02296EPSS
In wildExploits2
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.7 views

HashiCorp Vault 日志信息泄露漏洞

HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp USA. An information disclosure vulnerability exists in HashiCorp vault-action prior to version 2.2.0, which stems from a multi-line secret that fails to properly register with GitHub Actions to mask logs, which can b...

7.5CVSS5.6AI score0.0188EPSS
Exploits1References5
Rows per page
Query Builder