Tj-Actions Branch-Names vulnerabilities
2 known vulnerabilities affecting tj-actions/branch-names.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-54416P2CRITICALCVSS 9.1fixed in 9.0.02025-07-26
CVE-2025-54416 [CRITICAL] CWE-77 CVE-2025-54416: tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or
tj-actions/branch-names is a Github actions repository that contains workflows to retrieve branch or tag names with support for all events. In versions 8.2.1 and below, a critical vulnerability has been identified in the tj-actions/branch-names' GitHub Action workflow which allows arbitrary command execution in downstream workflows. This issue aris
ghsanvd
CVE-2023-49291P3CRITICALCVSS 9.8fixed in 7.0.0≥ 7.0.1, < 7.0.7+1 more2023-12-05
CVE-2023-49291 [CRITICAL] CWE-20 CVE-2023-49291: tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all even
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to ex
ghsanvd