RCE in Ozi-project Publish

CVE-2025-47271

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A mal…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.004 (27.1th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References