Actions Toolkit
4 CVEs affecting Actions Toolkit. Latest disclosed: 2025-06-09. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42471 | High | 7.3 | 2024-09-02 | actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrar… |
CVE-2022-35954 | Medium | 5.0 | 2022-08-15 | The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that atta… |
CVE-2025-5890 | Medium | 4.3 | 2025-06-09 | A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/i… |
CVE-2020-15228 | Low | 3.5 | 2020-10-01 | In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a… |