CVE-2025-30066

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-506
View all →

Vulnerability Description

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

Related Vulnerabilities

CVE-2025-30154

HIGH
CVSS:8.6(High)

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed s...

CWE-5062025

CVE-2024-4978

HIGH
CVSS:8.4(High)

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vuln...

CWE-5062024

CVE-2020-15165

CRITICAL
CVSS:9.1(Critical)

Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Store may have had it's sources or permissions tampered by a malicious actor. The official maintainer of the package is recommending a...

CWE-5062020

CVE-2017-16044

HIGH
CVSS:7.5(High)

`d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16045

HIGH
CVSS:7.5(High)

`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017

CVE-2017-16046

HIGH
CVSS:7.5(High)

`mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CWE-5062017