CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
wenxian is a tool to generate BibTeX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection and arbitrary code...
GHSA-R4FJ-R33X-8V88 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
Summary A GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. Details The workflow is triggered by issue_comment, which can be controlled by external users. In the...
EUVD-2024-3251
Malicious code in bioql PyPI...
EUVD-2025-12339
Malicious code in bioql PyPI...
CVE-2021-32638
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead ...
CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...
OPENSUSE-SU-2024:14287-1 forgejo-runner-3.5.1-1.1 on GA media
These are all security issues fixed in the forgejo-runner-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2021:0158-1 Security update for tcmu-runner
This update for tcmu-runner fixes the following issue: - CVE-2021-3139: Fixed a LIO security issue bsc1180676...
SUSE-SU-2021:0143-1 Security update for tcmu-runner
This update for tcmu-runner fixes the following issue: - CVE-2021-3139: Fixed a LIO security issue bsc1180676...
SUSE-SU-2021:0093-1 Security update for tcmu-runner
This update for tcmu-runner fixes the following issues: - CVE-2021-3139: Fixed a LIO security issue bsc1180676...
SUSE-SU-2017:2109-1 Security update for tcmu-runner
This update for tcmu-runner fixes the following issues: - qcow handler opens up an information leak via the CheckConfig D-Bus method bsc1049491 - glfs handler allows local DoS via crafted CheckConfig strings bsc1049485 - UnregisterHandler dbus method in tcmu-runner daemon for non-existing handler...
[SECURITY] New versions of file-runner fix security problem
We have received a report that the file-runner program opens files in /tmp in an insecure manner. This can result in damaging other files when linked to them. We recommend you upgrade your file-runner package immediately. dpkg -i file.deb will install the referenced file. Debian GNU/Linux 1.3.1...