VYPR

GitHub Actions package

xygeni/xygeni-action

pkg:github/xygeni/xygeni-action

Vulnerabilities (1)

  • CVE-2026-31976Mar 11, 2026
    affected >= 5, < 6.4.0fixed 6.4.0

    xygeni-action is the GitHub Action for Xygeni Scanner. On March 3, 2026, an attacker with access to compromised credentials created a series of pull requests (#46, #47, #48) injecting obfuscated shell code into action.yml. The PRs were blocked by branch protection rules and never