
7 matches found

OSV
added 2026/04/16 9:42 a.m. | 7 views

MAL-2026-2722 Malicious code in action-setup-enos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...

AI score: 5.7
Exploits: 0

OSSF Malicious Packages
added 2026/04/16 9:42 a.m. | 11 views

Malicious code in action-setup-enos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a8c231ffd75db68f6571ecaba491b827f5c86e682716dadadf47c74a979f80a The package action-setup-enos was found to contain malicious code...

AI score: 5.7
Exploits: 0

CISA
added 2025/03/26 12:0 p.m. | 4 views

Supply Chain Compromise of Third-Party tj-actions/changed-files (CVE-2025-30066) and reviewdog/action-setup@v1 (CVE-2025-30154)

A popular third-party GitHub Action, tj-actions/changed-files, tracked as CVE-2025-30066, was compromised. tj-actions/changed-files is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets...

CVSS: 8.6 | AI score: 7.1 | EPSS: 0.41008
Exploits: 3 | References: 13

BDU FSTEC
added 2025/03/26 12:0 a.m. | 5 views

The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform allows a hacker to disclose protected information.

The vulnerability of the reviewdog/action-setup component of the GitHub collaborative development platform is related to the presence of undeclared capabilities. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

CVSS: 8.6 | AI score: 7.8 | EPSS: 0.02296
Exploits: 2 | References: 4 | Affected Software: 1

CISA
added 2025/03/24 12:0 p.m. | 4 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30154: reviewdog action-setup GitHub Action Embedded Malicious Code Vulnerability. These types of vulnerabilities are frequent attack vectors for...

CVSS: 8.6 | AI score: 7.5 | EPSS: 0.02296
In wild | Exploits: 2 | References: 6

CVE
added 2025/03/19 3:15 p.m. | 297 views

CVE-2025-30154

CVE-2025-30154 involves the GitHub Action reviewdog/action-setup@v1, which was compromised on 2025-03-11 (18:42–20:31 UTC). The malicious code dumps exposed secrets to GitHub Actions workflow logs. Related reviewdog actions that rely on action-setup@v1 (including action-shellcheck, action-composi...

CVSS: 8.6 | AI score: 8.7 | EPSS: 0.02296
In wild | Exploits: 2 | References: 6 | Affected Software: 6

ATTACKERKB
added 2025/03/19 12:0 a.m. | 15 views

CVE-2025-30154

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions Workflow Logs. Other reviewdog actions that use reviewdog/action-setup@v...

CVSS: 8.6 | AI score: 7.4 | EPSS: 0.02296
In wild | Exploits: 2 | References: 6