VYPR

GitHub Actions package

OZI-Project/publish

pkg:github/OZI-Project/publish

Vulnerabilities (1)

  • CVE-2025-47271MedMay 12, 2025
    affected >= 1.13.2, < 1.13.6fixed 1.13.6

    The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch nam