15 matches found
EUVD-2025-17568
Malicious code in bioql PyPI...
EUVD-2022-6508
Malicious code in bioql PyPI...
CVE-2025-5890
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos
A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is possible to initiate...
CVE-2025-5890
The CVE-2025-5890 entry concerns actions toolkit 0.5.0, specifically the glob component’s globEscape function in toolkit/packages/glob/src/internal-pattern.ts. The vulnerability is described as causing inefficient regular expression complexity (a Regular Expression Denial of Service, DoS risk). I...
PT-2025-24551 · Unknown · Actions Toolkit
Name of the Vulnerable Software and Affected Versions: actions toolkit version 0.5.0 Description: A problematic vulnerability has been found in the actions toolkit. This issue affects the globEscape function of the glob component, specifically in the file...
GitHub Actions toolkit 安全漏洞
GitHub Actions toolkit is a GitHub toolkit for developing GitHub Actions from GitHub Actions open source. A security vulnerability exists in GitHub Actions toolkit version 0.5.0, which stems from an inefficient regular expression complexity in the function globEscape...
GHSA-6Q32-HQ47-5QQ3 @actions/artifact has an Arbitrary File Write via artifact extraction
Impact Versions of actions/artifact before 2.1.7 are vulnerable to arbitrary file write when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal for extracting a specifically crafted artifact that contains path traversal filenames. Patches Upgrade to version 2.1.7 or...
GitHub Actions Toolkit 路径遍历漏洞
GitHub Actions Toolkit is a Github Actions open source toolkit for GitHub Actions. A path traversal vulnerability exists in GitHub Actions Toolkit versions prior to 2.1.7. An attacker exploiting this vulnerability could read arbitrary files on the server running the application...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The core.exportVariable function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values t...