
9 matches found

NVD
added 2026/05/26 5:16 p.m., 11 views

CVE-2026-44723

Vowpal Wabbit is a machine learning system. The workflow .github/workflows/pythonchecks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script...

9.9 CVSS, 0.00045 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/04/07 3:55 p.m., 2 views

CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflow_dispatch inputs were interpolated directly into shell commands via ${{ }} expression syntax. An attacker with repository write access could...

9.1 CVSS, 6 AI score, 0.00023 EPSS
Exploits 1, References 4, Affected Software 1
Positive Technologies
added 2026/04/07 12:0 a.m., 1 views

PT-2026-30892

Name of the Vulnerable Software and Affected Versions: Emissary versions prior to 8.39.0. Description: Emissary is a P2P based data-driven workflow engine. Prior to version 8.39.0, GitHub Actions workflow files contained shell injection points. User-controlled workflow dispatch inputs were...

9.1 CVSS, 6 AI score, 0.00075 EPSS
Exploits 2, References 15
Veracode
added 2024/07/22 12:39 p.m., 21 views

OS Command Injection

Nuclei is vulnerable to OS Command Injection. The vulnerability is due to the -code option in code templates, allowing users to edit and execute workflow files in some web applications, leading to arbitrary command execution...

7.4 CVSS, 7.4 AI score, 0.00048 EPSS
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2023/05/01 1:42 p.m., 15 views

Data written to GitHub Actions Cache may expose secrets

Impact: This vulnerability impacts GitHub workflows using the Gradle Build Action that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build...

7.6 CVSS, 6.5 AI score, 0.00236 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2023/01/09 5:15 p.m., 2 views

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5 CVSS, 5.8 AI score, 0.00192 EPSS
Exploits 0, References 4
CNNVD
added 2023/01/09 12:0 a.m., 1 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from the U.S. company GitHub. It provides a platform for setting up your own GitHub instance as a virtual appliance, giving a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7. An attacker...

6.5 CVSS, 6.5 AI score, 0.00192 EPSS
Exploits 0, References 5
CNVD
added 2021/12/17 12:0 a.m., 19 views

Knime Analytics Platform code issue vulnerability

Knime Analytics Platform is a free open source data analysis, reporting and integration platform from the Swiss company Knime. KNIME Analytics Platform versions prior to 4.5.0 contain a code issue vulnerability that can be exploited by attackers to conduct XXE attacks via crafted workflow files...

4.3 CVSS, 5.6 AI score, 0.00329 EPSS
Exploits 0, Affected Software 1
OSV
added 2021/12/16 5:15 a.m., 1 views

CVE-2021-45096

KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730...

4.3 CVSS, 5.8 AI score
Exploits 0, References 4