6 matches found
EUVD-2026-22214
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
EUVD-2025-12339
Malicious code in bioql PyPI...
EUVD-2023-0514
Malicious code in bioql PyPI...
EUVD-2025-28133
Malicious code in bioql PyPI...
CVE-2025-31479
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...
CVE-2025-31479 canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...