Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple Reviewdog actions were compromised during a specific time period
Vulnerability Description
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
内嵌的恶意代码
Vulnerability Title
Reviewdog 安全漏洞
Vulnerability Description
Reviewdog是Reviewdog的一个开源的自动化代码审查工具。 Reviewdog存在安全漏洞,该漏洞源于恶意代码可能泄露暴露的密钥。
CVSS Information
N/A
Vulnerability Type
N/A