H3-2025-0009¶

GitHub Actions Known Vulnerable Actions

Description¶

GitHub Actions workflows utilizing actions with known vulnerabilities, as identified in the GitHub Advisory Database, expose the workflow environment to potential exploitation.

Impact¶

An attacker may exploit the vulnerable action to gain code execution or access to the repository.

References¶

• GitHub Advisory Database
• MITRE ATT&CK Technique: T1595.002: Active Scanning: Vulnerability Scanning