VYPR

GitHub Actions package

njzjz/wenxian

pkg:github/njzjz/wenxian

Vulnerabilities (1)

  • CVE-2026-34243CriMar 31, 2026
    affected <= 0.3.1

    wenxian is a tool to generate BIBTEX files from given identifiers (DOI, PMID, arXiv ID, or paper title). In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issue_comment.body directly inside a shell command, allowing potential command injection