Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/08 7:13 p.m.14 views

CVE-2025-46820

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1CVSS7.3AI score0.00163EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 7:16 p.m.27 views

CVE-2025-46820

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1CVSS0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/06 6:48 p.m.24 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1CVSS0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/06 6:48 p.m.18 views

CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact

phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUBTOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...

7.1CVSS7AI score0.00163EPSS
Exploits0References2
CVE
CVE
added 2025/05/06 6:48 p.m.70 views

CVE-2025-46820

phpgt/Dom (versions before 4.1.8) exposes the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow uploads the build artifact as a zip of the current directory, including the generated .git/config with the run’s token. An attacker can download the artifact during the workflow window...

7.1CVSS6.9AI score0.00163EPSS
Exploits0References2
Rows per page
Query Builder