VYPR

CodeQL Action

by GitHub

CVEs (2)

  • CVE-2025-24362 | High | Jan 24, 2025
    risk 0.39 | cvss | epss 0.01

    In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to…

  • CVE-2021-32638 | May 25, 2021
    risk 0.00 | cvss | epss 0.00

    GitHub's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to…