VYPR
High severityCISA KEVNVD Advisory· Published Mar 15, 2025· Updated Feb 26, 2026

CVE-2025-30066

CVE-2025-30066

Description

tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tj-actions/changed-filesGitHub Actions
< 46.0.146.0.1

Affected products

2

Patches

Vulnerability mechanics

References

28

News mentions

0

No linked articles in our index yet.