VYPR
Vendor: Actions

Products: 3
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2025-9043 | Med | Aug 14, 2025
    risk 0.44 | cvss | epss 0.00

    The service executable path in Seagate Toolkit on Versions prior to 2.34.0.33 on Windows allows an attacker with Admin privileges to exploit a vulnerability as classified under CWE-428: Unquoted Search Path or Element. An attacker with write permissions to the root could place a…

  • CVE-2025-5890 | Med | Jun 9, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. It is…

  • CVE-2024-42471 | Sep 2, 2024
    risk 0.00 | cvss | epss 0.03

    actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting…

  • CVE-2022-35954 | Aug 13, 2022
    risk 0.00 | cvss | epss 0.01

    The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that…

  • CVE-2021-31787 | Nov 30, 2021
    risk 0.00 | cvss | epss 0.00

    The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with…

  • CVE-2021-31785 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.00

    The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to trigger a denial of service (deadlock) of the device via crafted LMP packets.…

  • CVE-2021-31786 | Sep 7, 2021
    risk 0.00 | cvss | epss 0.00

    The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host, allowing attackers to trigger a disconnection and deadlock of the device by…

  • CVE-2020-15228 | Oct 1, 2020
    risk 0.00 | cvss | epss 0.01

    In the `@actions/core` npm module before version 1.2.6, `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the…

  • CVE-2020-11021 | Apr 29, 2020
    risk 0.00 | cvss | epss 0.02

    Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: 1. make an http request with an authorization…