10 matches found
EUVD-2026-22214
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
CVE-2026-40313
Summary: PraisonAI versions ≤ 4.5.139 expose GitHub Actions credential leakage via ArtiPACKED attack due to actions/checkout persisting GITHUB_TOKEN (and sometimes ACTIONS_RUNTIME_TOKEN) in the repository’s .git/config when artifacts are uploaded from workflows. This can allow read-access users t...
CVE-2026-40313 PraisonAI: ArtiPACKED Vulnerability via GitHub Actions Credential Persistence
PraisonAI is a multi-agent teams system. In versions 4.5.139 and below, the GitHub Actions workflows are vulnerable to ArtiPACKED attack, a known credential leakage vector caused by using actions/checkout without setting persist-credentials: false. By default, actions/checkout writes the...
EUVD-2025-9678
Malicious code in bioql PyPI...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...
CVE-2025-32111
CVE-2025-32111 affects the acme.sh Docker image built from a .github/workflows/dockerhub.yml workflow. The root cause is that actions/checkout lacked persist-credentials: false, potentially exposing credentials. The provided metrics indicate high impact (CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/...
PT-2025-14858 · Acme.Sh · Acme.Sh
Name of the Vulnerable Software and Affected Versions: acme.sh versions prior to 40b6db6 Description: The issue concerns a Docker image of acme.sh that is based on a .github/workflows/dockerhub.yml file. This file lacks the "persist-credentials: false" setting for actions/checkout, which may lead...
acme.sh 安全漏洞
acme.sh is a scripting tool in the acme.sh open source. A security vulnerability exists in versions of acme.sh prior to 40b6db6, which stems from a missing persist-credentials: false configuration in the github/workflows/dockerhub.yml file on which the Docker image is based...