17 matches found
EUVD-2025-20825
Malicious code in bioql PyPI...
EUVD-2022-6338
Malicious code in bioql PyPI...
EUVD-2025-9624
Malicious code in bioql PyPI...
CVE-2025-46820
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...
CVE-2025-46820 phpgt/Dom exposes the GITHUB_TOKEN in Dom workflow run artifact
phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom prior to 4.1.8 expose the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow file uses actions/upload-artifact@v4 to upload the build artifact. This artifact is a zip of the current directory, which includes the...
CVE-2025-46820
phpgt/Dom (versions before 4.1.8) exposes the GITHUB_TOKEN in the Dom workflow run artifact. The ci.yml workflow uploads the build artifact as a zip of the current directory, including the generated .git/config with the run’s token. An attacker can download the artifact during the workflow window...
CVE-2025-32958
Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...
CVE-2025-32958 Adept exposed the GITHUB_TOKEN in workflow run artifact
Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...
CVE-2025-32958
Adept (prior to commit a1a41b7) exposed the GITHUB_TOKEN via the mac-standalone artifact created by remoteBuild.yml using actions/upload-artifact@v4. The artifact was a zip of the current directory that included the generated .git/config containing the run’s token, enabling an attacker to extract...
CVE-2025-32953 z80pack Vulnerable to Exposure of the GITHUB_TOKEN in Workflow Run Artifact
z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...
CVE-2025-31479
canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the excepti...
CVE-2025-31479
CVE-2025-31479: The GitHub composite action canonical/get-workflow-version-action can leak a partial GITHUB_TOKEN in exception output for versions prior to 1.0.1. If the step fails, the exception may include tokens, which can be viewed by anyone with read access to the repository in GitHub Actio...