CVE-2026-44971

GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an...

PT-2026-39677

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

CVE-2026-41414

CVE-2026-41414 affects Skim. The vulnerability allows arbitrary code execution via the generate-files workflow in .github/workflows/pr.yml, where the workflow checks out code from an attacker-controlled fork and runs it with access to SKIM_RS_BOT_PRIVATE_KEY and GITHUB_TOKEN (contents:write). No ...

GHSA-R79C-PQJ3-577X Super-linter is vulnerable to command injection via crafted filenames in Super-linter Action

Summary The Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker can submit a pull request that introduces a file whose name contains shell command substitution syntax, such as $.... In...

EUVD-2019-0342

Malware in sbrugna...

EUVD-2025-27001

Malicious code in bioql PyPI...

EUVD-2025-28133

Malicious code in bioql PyPI...

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token

GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...

CVE-2025-53624 docusaurus-plugin-content-gists Exposes GitHub Personal Access Token

The Docusaurus gists plugin adds a page to your Docusaurus instance, displaying all public gists of a GitHub user. docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuratio...

Docusaurus gists plugin 信息泄露漏洞

Docusaurus gists plugin is an automation plugin by Webber Takken Personal Developer. An information disclosure vulnerability exists in Docusaurus gists plugin versions prior to 4.0.0, which stems from a GitHub token disclosure that could lead to credential disclosure...

CVE-2021-32724

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pullrequesttarget or schedule, an attacker can send a crafted Pull Request that causes a GITHUBTOKEN to be exposed. With the...

CVE-2021-32638

Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...

PT-2025-19986 · Phpgt/Dom · Phpgt/Dom

Name of the Vulnerable Software and Affected Versions: phpgt/Dom versions prior to 4.1.8 Description: The issue exposes the GITHUB TOKEN in the Dom workflow run artifact. This occurs because the ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact, which is a zip of t...

PT-2025-17465 · Adept · Adept

Name of the Vulnerable Software and Affected Versions: Adept versions prior to commit a1a41b7 Description: The issue concerns the exposure of the GITHUB TOKEN in the Adept language workflow. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the...

CVE-2025-32953

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

PYSEC-2020-268

In EasyBuild before version 4.1.2, the GitHub Personal Access Token PAT used by EasyBuild for the GitHub integration features like --new-pr, --fro,-pr, etc. is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the master+ develop branches of the...