VYPR

Go modules package

github.com/nektos/act

pkg:golang/github.com/nektos/act

Vulnerabilities (3)

  • CVE-2026-34042HigMar 31, 2026
    affected < 0.2.86fixed 0.2.86

    act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitr

  • CVE-2026-34041CriMar 31, 2026
    affected < 0.2.86fixed 0.2.86

    act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted da

  • CVE-2023-22726Jan 20, 2023
    affected < 0.2.40fixed 0.2.40

    act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may l