7 matches found
MAL-2026-2722 Malicious code in action-setup-enos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...
Malicious code in action-setup-enos (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...
Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)
A popular third-party GitHub Action, tj-actions/changed-files tracked as CVE-2025-30066link is external, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...
The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform allows a hacker to disclose protected information.
The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform is related to the presence of undeclared capabilities. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30154link is external reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent attack vectors for...
CVE-2025-30154
CVE-2025-30154 involves the GitHub Action reviewdog/action-setup@v1, which was compromised on 2025-03-11 (18:42–20:31 UTC). The malicious code dumps exposed secrets to GitHub Actions workflow logs. Related reviewdog actions that rely on action-setup@v1 (including action-shellcheck, action-composi...
CVE-2025-30154
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...