Positive Technologies
added 2026/03/17 12:0 a.m. · 5 views

PT-2026-25988

Name of the Vulnerable Software and Affected Versions: Harden-Runner versions 2.15.1 and below. Description: Harden-Runner, a CI/CD security agent functioning as an EDR for GitHub Actions runners, contains a DNS over HTTPS (DoH) issue. This allows attackers to circumvent network restrictions imposed b...

CVSS 4.9 · AI score 6.3 · EPSS 0.00107
Exploits 0 · References 9
GithubExploit
added 2026/03/13 1:4 p.m. · 129 views

Exploit for Improper Input Validation in Toolkit_Project Toolkit

gha-exploit-guard Standalone GitHub Action that scans GitHub...

CVSS 8.6 · AI score 6.4 · EPSS 0.91543
Exploits 4
Github Security Blog
added 2026/03/11 10:18 p.m. · 6 views

xygeni-action v5 tag poisoned with C2 backdoor

Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...

CVSS 9.8 · AI score 6 · EPSS 0.00089
Exploits 0 · References 4 · Affected software 1
EUVD
added 2026/03/11 10:18 p.m. · 2 views

EUVD-2026-11331

xygeni-action v5 tag poisoned with C2 backdoor...

CVSS 9.3 · AI score 5.8 · EPSS 0.00089
Exploits 0 · References 3
OSV
added 2026/03/11 10:18 p.m. · 1 views

GHSA-F8Q5-H5QH-33MH xygeni-action v5 tag poisoned with C2 backdoor

Description On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main branch. However, the attacker used the...

CVSS 9.3 · AI score 6 · EPSS 0.00089
Exploits 0 · References 4
ATTACKERKB
added 2026/03/11 7:44 p.m. · 1 views

CVE-2026-31976

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVSS 9.3 · AI score 6 · EPSS 0.00089
Exploits 0 · References 3
CVE
added 2026/03/11 7:44 p.m. · 8 views

CVE-2026-31976

xygeni-action, the GitHub Action for Xygeni Scanner, was abused via tag poisoning: compromised credentials moved the v5 tag to a malicious commit in a PR window (Mar 3–10, 2026). Workflows referencing xygeni-action@v5 could execute a C2 implant on CI runners for up to 180 seconds. The issue stems...

CVSS 9.8 · AI score 6 · EPSS 0.00089
Exploits 0 · References 2 · Affected software 1
OSV
added 2026/03/11 7:44 p.m. · 2 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVSS 9.3 · AI score 6.2 · EPSS 0.00089
Exploits 0 · References 4
Vulnrichment
added 2026/03/11 7:44 p.m. · 1 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVSS 9.3 · AI score 6 · EPSS 0.00089
Exploits 0 · References 2
Cvelist
added 2026/03/11 7:44 p.m. · 24 views

CVE-2026-31976 xygeni-action v5 tag poisoned with C2 backdoor

xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests 46, 47, 48 injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never merged into the main...

CVSS 9.3 · EPSS 0.00089
Exploits 0 · References 2
CVE
added 2026/03/11 7:15 p.m. · 16 views

CVE-2026-31900

CVE-2026-31900 concerns the Black Python code formatter used in a GitHub Action. The vulnerability arises when the action reads the Black version from a repository’s pyproject.toml (use_pyproject: true). A malicious pull request could alter pyproject.toml to reference a direct URL to a malicious ...

CVSS 9.8 · AI score 6.3 · EPSS 0.00089
Exploits 0 · References 2 · Affected software 1
Vulnrichment
added 2026/03/11 7:15 p.m. · 1 views

CVE-2026-31900 Black's vulnerable version parsing leads to RCE in GitHub Action

Black is the uncompromising Python code formatter. Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct...

CVSS 8.7 · AI score 6.3 · EPSS 0.00089
Exploits 0 · References 2
NVD
added 2026/03/11 5:16 p.m. · 3 views

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions (nearly all write permissions), this vulnerability enables...

CVSS 10 · EPSS 0.00124
Exploits 0 · References 2
CNNVD
added 2026/03/11 12:0 a.m. · 3 views

Jellyfin security vulnerability

Jellyfin is an open-source free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It serves as a replacement for proprietary products like Emby and Plex, enabling the delivery of media from proprietary servers to end-user devices through...

CVSS 10 · AI score 6.3 · EPSS 0.00124
Exploits 0 · References 2
OSV
added 2026/03/10 6:28 p.m. · 2 views

GO-2026-4574 ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel

ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest...

CVSS 6.5 · AI score 5.8 · EPSS 0.00047
Exploits 0 · References 4
OSV
added 2026/03/07 2:32 a.m. · 2 views

GHSA-V53H-F6M7-XCGM Black's vulnerable version parsing leads to RCE in GitHub Action

Impact: Black provides a GitHub action for formatting code. This action supports an option, use_pyproject: true, for reading the version of Black to use from the repository pyproject.toml. A malicious pull request could edit pyproject.toml to use a direct URL reference to a malicious repository. Th...

CVSS 8.7 · AI score 6.3 · EPSS 0.00089
Exploits 0 · References 4
RedhatCVE
added 2026/02/27 4:13 a.m. · 6 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of ${{ github.event.pull_request.body }} inside a run: shell block. When a pull request...

CVSS 7.7 · AI score 5.8 · EPSS 0.00042
Exploits 0 · References 1
RedhatCVE
added 2026/02/26 10:34 p.m. · 3 views

CVE-2026-27701

LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's i18n-update-pull GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated with the triggering issue comment is interpolated...

CVSS 8.8 · AI score 5.8 · EPSS 0.0007
Exploits 0 · References 1
NVD
added 2026/02/26 2:16 a.m. · 11 views

CVE-2026-27938

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.9.1, the wp-graphql/wp-graphql repository contains a GitHub Actions workflow release.yml vulnerable to OS command injection through direct use of ${{ github.event.pull_request.body }} inside a run: shell block. When a pull request...

CVSS 7.7 · EPSS 0.00042
Exploits 0 · References 2
OSV
added 2026/02/26 1:17 a.m. · 3 views

CVE-2026-27941 OpenLIT Vulnerable to Remote Code Execution and Secret Exposure via Misuse of `pull_request_target` in GitHub Actions Workflows

OpenLIT is an open source platform for AI engineering. Prior to version 1.37.1, several GitHub Actions workflows in OpenLIT's GitHub repository use the pull_request_target event while checking out and executing untrusted code from forked pull requests. These workflows run with the security context ...

CVSS 9.9 · AI score 5.7 · EPSS 0.00071
Exploits 1 · References 4