CVE advisoryKnown Exploit
CVE-2025-30154
Reviewdog Actions Expose Secrets in Logs
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A GitHub Action used for installing development tools was compromised, exposing sensitive secrets in workflow logs. This impacts several related actions, risking the exposure of confidential business data. Organizations should address this to protect development pipelines.