VYPR
Vendor

Nektos

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-34041CriMar 31, 2026
    risk 0.57cvss 9.8epss 0.01

    act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted…

  • CVE-2026-34042HigMar 31, 2026
    risk 0.46cvss 8.2epss 0.00

    act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with…

  • CVE-2023-22726Jan 20, 2023
    risk 0.00cvss epss 0.01

    act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may…