| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-15617 | Wazuh GitHub Actions Workflow Exposure of Sensitive Credentials | Wazuh | Wazuh (GitHub Actions) | Medium | 6.5 | 2026-03-27 18:04:14 | Deep Dive |
| CVE-2025-64145 | Jenkins ByteGuard Build Actions Plugin security vulnerability | Jenkins Project | Jenkins ByteGuard Build Actions Plugin | - | - | 2025-10-29 13:29:49 | Deep Dive |
| CVE-2025-64144 | Jenkins plugin ByteGuard Build Actions security vulnerability | Jenkins Project | Jenkins ByteGuard Build Actions Plugin | - | - | 2025-10-29 13:29:48 | Deep Dive |
| CVE-2025-54416 | tj-actions/branch-names Contains Command Injection Vulnerability | tj-actions | branch-names | Critical | 9.1 | 2025-07-26 03:34:31 | Deep Dive |
| CVE-2025-47627 | WordPress PrivateContent - Mail Actions plugin <= 2.3.2 - Local File Inclusion vulnerability | LCweb | PrivateContent - Mail Actions | High | 7.5 | 2025-07-04 11:18:04 | Deep Dive |
| CVE-2025-5890 | actions toolkit glob internal-pattern.ts globEscape redos | actions | toolkit | Medium | 4.3 | 2025-06-09 18:31:05 | Deep Dive |
| CVE-2025-30066 | changed-files security vulnerability | tj-actions | changed-files | High | 8.6 | 2025-03-15 00:00:00 | Deep Dive |
| CVE-2025-24001 | WordPress PPO Call To Actions plugin <= 0.1.3 - CSRF to Stored XSS vulnerability | Ngô Thắng IT | PPO Call To Actions | High | 7.1 | 2025-01-21 13:57:37 | Deep Dive |
| CVE-2024-10311 | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass | cmorillas1 | External Database Based Actions | High | 7.5 | 2024-11-15 09:29:40 | Deep Dive |
| CVE-2024-42471 | Arbitrary File Write via artifact extraction in actions/artifact | actions | toolkit | High | 7.3 | 2024-09-02 16:13:51 | Deep Dive |
| CVE-2024-30558 | WordPress Add Shortcodes Actions And Filters plugin <= 2.10 - Reflected Cross Site Scripting (XSS) vulnerability | Michael Simpson | Add Shortcodes Actions And Filters | High | 7.1 | 2024-03-31 19:41:33 | Deep Dive |
| CVE-2023-52137 | GitHub Action tj-actions/verify-changed-files is vulnerable to command injection in output filenames | tj-actions | verify-changed-files | High | 7.7 | 2023-12-29 17:08:49 | Deep Dive |
| CVE-2023-51664 | tj-actions/changed-files command injection in output filenames | tj-actions | changed-files | High | 7.3 | 2023-12-27 16:58:32 | Deep Dive |
| CVE-2023-49291 | Improper Sanitization of Branch Name Leads to Arbitrary Code Injection | tj-actions | branch-names | Critical | 9.3 | 2023-12-04 23:21:33 | Deep Dive |
| CVE-2023-46072 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS) | Michael Simpson | Add Shortcodes Actions And Filters | High | 7.1 | 2023-10-26 11:39:32 | Deep Dive |
| CVE-2023-44475 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF) | Michael Simpson | Add Shortcodes Actions And Filters | Medium | 5.4 | 2023-10-10 14:25:20 | Deep Dive |
| CVE-2022-39321 | GitHub Actions Runner vulnerable to Docker Command Escaping | actions | runner | High | 8.8 | 2022-10-25 00:00:00 | Deep Dive |
| CVE-2022-37342 | WordPress Add Shortcodes Actions And Filters plugin <= 2.0.9 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability | Michael Simpson | Add Shortcodes Actions And Filters (WordPress plugin) | Medium | 4.8 | 2022-09-23 14:32:52 | Deep Dive |
| CVE-2022-35954 | Delimiter injection vulnerability in @actions/core exportVariable | actions | toolkit | Medium | 5.0 | 2022-08-13 23:40:09 | Deep Dive |
| CVE-2020-15228 | Environment Variable Injection in GitHub Actions | actions | toolkit | Low | 3.5 | 2020-10-01 17:25:12 | Deep Dive |