GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
3 advisories
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Low
CVE-2024-52587
was published
for
step-security/harden-runner
(GitHub Actions)
Nov 18, 2024
PyPI publish GitHub Action vulnerable to injectable expression expansions in action steps
Low
GHSA-vxmw-7h4f-hqxh
was published
for
pypa/gh-action-pypi-publish
(GitHub Actions)
Sep 4, 2025
ProTip!
Advisories are also available from the
GraphQL API