Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

actions — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting actions. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by actions:toolkithttp-clientrunner
CVE IDTitleCVSSSeverityPublished
CVE-2025-5890 actions toolkit glob internal-pattern.ts globEscape redos — toolkitCWE-1333 4.3 Medium2025-06-09
CVE-2024-42471 Arbitrary File Write via artifact extraction in actions/artifact — toolkitCWE-22 7.3 High2024-09-02
CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping — runnerCWE-78 8.8 High2022-10-25
CVE-2022-35954 Delimiter injection vulnerability in @actions/core exportVariable — toolkitCWE-77 5.0 Medium2022-08-13
CVE-2020-15228 Environment Variable Injection in GitHub Actions — toolkitCWE-20 3.5 Low2020-10-01
CVE-2020-11021 HTTP request which redirect to another hostname do not strip authorization header in Actions Http-Client — http-clientCWE-200 6.3 Medium2020-04-29

This page lists every published CVE security advisory associated with actions. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.