Tj-Actions Changed-Files vulnerabilities
2 known vulnerabilities affecting tj-actions/changed-files.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-30066P1HIGHCVSS 8.6KEV≤ 45.0.7≥ 1, < 462025-03-15
CVE-2025-30066 [HIGH] CWE-506 CVE-2025-30066: tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions lo
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
ghsanvd
CVE-2023-51664P2CRITICALCVSS 9.8fixed in 41.0.02023-12-27
CVE-2023-51664 [CRITICAL] CWE-74 CVE-2023-51664: tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0,
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulne
ghsanvd