actsense - GitHub Actions Security Auditor Home Getting Started Usage Vulnerabilities Contributors

CTRL K

CTRL K

Contributors
Getting Started
Installation
Security Vulnerabilities
- Vulnerability Categories
Usage
More
GitHub Repository

Light
Dark
System

On this page

Vulnerability Categories
Action Pinning & Immutability
Permissions & Access Control
Secrets & Credentials
Workflow Security
Supply Chain Security
Self-Hosted Runners
Best Practices
Advanced Threats

Edit this page on GitHub →

Security Vulnerabilities

Security Vulnerabilities

This section documents all security vulnerabilities detected by actsense. Each vulnerability includes a detailed description, evidence, and mitigation strategies.

Vulnerability Categories

Action Pinning & Immutability

Unpinned Version
No Hash Pinning
Short Hash Pinning
Older Action Version
Inconsistent Action Version
Unpinnable Docker Image
Unpinnable Composite Subaction
Unpinnable JavaScript Action

Permissions & Access Control

Overly Permissive
GitHub Token Write All
GitHub Token Write Permissions
Excessive Write Permissions
Branch Protection Bypass
Token Permission Escalation

Secrets & Credentials

Potential Hardcoded Secret
Potential Hardcoded Cloud Credentials
Long Term Cloud Credentials
Secret in Environment
Secrets Access Untrusted
Secrets in Matrix
Environment with Secrets

Workflow Security

Dangerous Event
Insecure Pull Request Target
Unsafe Checkout
Unsafe Checkout Ref
Checkout Full History
Script Injection
Shell Injection
Code Injection via Input
Unvalidated Workflow Input
Unsafe Shell

Supply Chain Security

Untrusted Action Source
Untrusted Action Unpinned
Typosquatting Action
Deprecated Action
Missing Action Repository
Unpinned Dockerfile Dependencies
Unpinned Dockerfile Resources
Unpinned External Resources
Unpinned JavaScript Resources
Unpinned NPM Packages
Unpinned Python Packages
Unfiltered Network Traffic
No File Tampering Protection

Self-Hosted Runners

Self Hosted Runner
Self Hosted Runner PR Exposure
Self Hosted Runner Issue Exposure
Self Hosted Runner Write All
Self Hosted Runner Secrets in Run
Self Hosted Runner Network Risk
Runner Label Confusion
Public Repo Self Hosted Secrets
Public Repo Self Hosted Environment

Best Practices

Continue on Error Critical Job
Artifact Retention
Large Matrix
Insufficient Audit Logging
Environment Bypass Risk
Cross Repository Access
Cross Repository Access Command

Advanced Threats

Malicious Curl Pipe Bash
Malicious Base64 Decode
Obfuscation Detection
Artifact Exposure Risk

Last updated on January 1, 2026

© 2025 actsense | GitHub Repository

Powered by Hextra