11 matches found
EUVD-2021-19465
Malware in sbrugna...
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
GHSA-VQF5-2XX6-9WFM GitHub PAT written to debug artifacts
Impact summary In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...
GitHub PAT written to debug artifacts
Impact summary In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2025-24362
CVE-2025-24362 concerns CodeQL Action when debug artifacts are enabled. In certain failed CodeQL analyses on Java/Kotlin repos, the uploaded debug artifacts could contain environment variables from the workflow run, including secrets such as the GITHUB_TOKEN. The token could be valid for the dura...
CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CodeQL Action 日志信息泄露漏洞
CodeQL Action is a GitHub open source application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on repository source code to find security vulnerabilities. A log message disclosure vulnerability exists in CodeQL Action versions prior to 3.28.3, which stems from...
PT-2025-5344 · Github · Codeql Action +1
Name of the Vulnerable Software and Affected Versions: CodeQL Action versions prior to 3.28.3 CodeQL CLI versions prior to 2.20.3 Description: In certain circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain environment variables from t...
codeql action信息泄露漏洞
codeql action is a software application. It is used to run CodeQL, GitHub's industry-leading static analysis engine, on the repository's source code to find security vulnerabilities. codeql action has a security vulnerability that stems from an access token being visible to other processes on the...