Step-security Harden-runner
5 CVEs affecting Step-security Harden-runner. Latest disclosed: 2026-03-20. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-32955 | Medium | 6.0 | 2025-04-21 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sud… |
CVE-2026-32947 | | 2026-03-20 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability a… | |
CVE-2026-32946 | | 2026-03-20 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, the Harden-Runner that allows bypass o… | |
CVE-2026-25598 | | 2026-02-09 | Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the… | |
CVE-2024-52587 | | 2024-11-18 | StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden… |