3 matches found
MAL-2025-6397 Malicious code in actions-detectenv (npm)
--- -= Per source details. Do not edit below this line.=-...
A Fast, Reliable, and Secure Programming Language for LLM Agents with Code Actions
Modern large language models LLMs are often deployed as agents, calling external tools adaptively to solve tasks. Rather than directly calling tools, it can be more effective for LLMs to write code to perform the tool calls, enabling them to automatically generate complex control flow such as...
CVE-2025-30066
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code...