CodeQL documentation

CWE coverage for GitHub Actions

An overview of CWE coverage for GitHub Actions in the latest release of CodeQL.

Overview

| CWE | Language | Query id | Query name |
|---|---|---|---|
| CWE-20 | GitHub Actions | actions/composite-action-sinks | Composite Action Sinks |
| CWE-20 | GitHub Actions | actions/composite-action-sources | Composite Action Sources |
| CWE-20 | GitHub Actions | actions/composite-action-summaries | Composite Action Summaries |
| CWE-20 | GitHub Actions | actions/reusable-workflow-sinks | Reusable Workflow Sinks |
| CWE-20 | GitHub Actions | actions/reusable-workflow-sources | Reusable Workflow Sources |
| CWE-20 | GitHub Actions | actions/reusable-workflow-summaries | Reusable Workflows Summaries |
| CWE-20 | GitHub Actions | actions/envpath-injection/critical | PATH environment variable built from user-controlled sources |
| CWE-20 | GitHub Actions | actions/envpath-injection/medium | PATH environment variable built from user-controlled sources |
| CWE-20 | GitHub Actions | actions/envvar-injection/critical | Environment variable built from user-controlled sources |
| CWE-20 | GitHub Actions | actions/envvar-injection/medium | Environment variable built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/envpath-injection/critical | PATH environment variable built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/envpath-injection/medium | PATH environment variable built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/envvar-injection/critical | Environment variable built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/envvar-injection/medium | Environment variable built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-74 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-74 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-74 | GitHub Actions | actions/output-clobbering/high | Output Clobbering |
| CWE-74 | GitHub Actions | actions/command-injection/critical | Command built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/command-injection/medium | Command built from user-controlled sources |
| CWE-74 | GitHub Actions | actions/argument-injection/critical | Argument injection |
| CWE-74 | GitHub Actions | actions/argument-injection/medium | Argument injection |
| CWE-77 | GitHub Actions | actions/envpath-injection/critical | PATH environment variable built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/envpath-injection/medium | PATH environment variable built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/envvar-injection/critical | Environment variable built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/envvar-injection/medium | Environment variable built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/command-injection/critical | Command built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/command-injection/medium | Command built from user-controlled sources |
| CWE-77 | GitHub Actions | actions/argument-injection/critical | Argument injection |
| CWE-77 | GitHub Actions | actions/argument-injection/medium | Argument injection |
| CWE-78 | GitHub Actions | actions/command-injection/critical | Command built from user-controlled sources |
| CWE-78 | GitHub Actions | actions/command-injection/medium | Command built from user-controlled sources |
| CWE-88 | GitHub Actions | actions/argument-injection/critical | Argument injection |
| CWE-88 | GitHub Actions | actions/argument-injection/medium | Argument injection |
| CWE-94 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-94 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-94 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-95 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-95 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-116 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-116 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-200 | GitHub Actions | actions/secret-exfiltration | Secret exfiltration |
| CWE-284 | GitHub Actions | actions/improper-access-control | Improper Access Control |
| CWE-284 | GitHub Actions | actions/pr-on-self-hosted-runner | Pull Request code execution on self-hosted runner |
| CWE-285 | GitHub Actions | actions/improper-access-control | Improper Access Control |
| CWE-311 | GitHub Actions | actions/excessive-secrets-exposure | Excessive Secrets Exposure |
| CWE-311 | GitHub Actions | actions/secrets-in-artifacts | Storage of sensitive information in GitHub Actions artifact |
| CWE-311 | GitHub Actions | actions/unmasked-secret-exposure | Unmasked Secret Exposure |
| CWE-312 | GitHub Actions | actions/excessive-secrets-exposure | Excessive Secrets Exposure |
| CWE-312 | GitHub Actions | actions/secrets-in-artifacts | Storage of sensitive information in GitHub Actions artifact |
| CWE-312 | GitHub Actions | actions/unmasked-secret-exposure | Unmasked Secret Exposure |
| CWE-345 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-345 | GitHub Actions | actions/cache-poisoning/direct-cache | Cache Poisoning via caching of untrusted files |
| CWE-345 | GitHub Actions | actions/cache-poisoning/poisonable-step | Cache Poisoning via execution of untrusted code |
| CWE-349 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-349 | GitHub Actions | actions/cache-poisoning/direct-cache | Cache Poisoning via caching of untrusted files |
| CWE-349 | GitHub Actions | actions/cache-poisoning/poisonable-step | Cache Poisoning via execution of untrusted code |
| CWE-362 | GitHub Actions | actions/untrusted-checkout-toctou/critical | Untrusted Checkout TOCTOU |
| CWE-362 | GitHub Actions | actions/untrusted-checkout-toctou/high | Untrusted Checkout TOCTOU |
| CWE-367 | GitHub Actions | actions/untrusted-checkout-toctou/critical | Untrusted Checkout TOCTOU |
| CWE-367 | GitHub Actions | actions/untrusted-checkout-toctou/high | Untrusted Checkout TOCTOU |
| CWE-441 | GitHub Actions | actions/request-forgery | Uncontrolled data used in network request |
| CWE-610 | GitHub Actions | actions/request-forgery | Uncontrolled data used in network request |
| CWE-664 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-664 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-664 | GitHub Actions | actions/improper-access-control | Improper Access Control |
| CWE-664 | GitHub Actions | actions/excessive-secrets-exposure | Excessive Secrets Exposure |
| CWE-664 | GitHub Actions | actions/secrets-in-artifacts | Storage of sensitive information in GitHub Actions artifact |
| CWE-664 | GitHub Actions | actions/unmasked-secret-exposure | Unmasked Secret Exposure |
| CWE-664 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-664 | GitHub Actions | actions/artifact-poisoning/critical | Artifact poisoning |
| CWE-664 | GitHub Actions | actions/artifact-poisoning/medium | Artifact poisoning |
| CWE-664 | GitHub Actions | actions/unpinned-tag | Unpinned tag for a non-immutable Action in workflow |
| CWE-664 | GitHub Actions | actions/untrusted-checkout/critical | Checkout of untrusted code in a privileged context |
| CWE-664 | GitHub Actions | actions/untrusted-checkout/high | Checkout of untrusted code in trusted context |
| CWE-664 | GitHub Actions | actions/untrusted-checkout/medium | Checkout of untrusted code in trusted context |
| CWE-664 | GitHub Actions | actions/secret-exfiltration | Secret exfiltration |
| CWE-664 | GitHub Actions | actions/pr-on-self-hosted-runner | Pull Request code execution on self-hosted runner |
| CWE-664 | GitHub Actions | actions/artifact-poisoning/path-traversal | Artifact Poisoning (Path Traversal) |
| CWE-664 | GitHub Actions | actions/unversioned-immutable-action | Unversioned Immutable Action |
| CWE-664 | GitHub Actions | actions/request-forgery | Uncontrolled data used in network request |
| CWE-668 | GitHub Actions | actions/secret-exfiltration | Secret exfiltration |
| CWE-669 | GitHub Actions | actions/artifact-poisoning/critical | Artifact poisoning |
| CWE-669 | GitHub Actions | actions/artifact-poisoning/medium | Artifact poisoning |
| CWE-669 | GitHub Actions | actions/unpinned-tag | Unpinned tag for a non-immutable Action in workflow |
| CWE-669 | GitHub Actions | actions/untrusted-checkout/critical | Checkout of untrusted code in a privileged context |
| CWE-669 | GitHub Actions | actions/untrusted-checkout/high | Checkout of untrusted code in trusted context |
| CWE-669 | GitHub Actions | actions/untrusted-checkout/medium | Checkout of untrusted code in trusted context |
| CWE-669 | GitHub Actions | actions/artifact-poisoning/path-traversal | Artifact Poisoning (Path Traversal) |
| CWE-669 | GitHub Actions | actions/unversioned-immutable-action | Unversioned Immutable Action |
| CWE-691 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-691 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-691 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-691 | GitHub Actions | actions/untrusted-checkout-toctou/critical | Untrusted Checkout TOCTOU |
| CWE-691 | GitHub Actions | actions/untrusted-checkout-toctou/high | Untrusted Checkout TOCTOU |
| CWE-693 | GitHub Actions | actions/composite-action-sinks | Composite Action Sinks |
| CWE-693 | GitHub Actions | actions/composite-action-sources | Composite Action Sources |
| CWE-693 | GitHub Actions | actions/composite-action-summaries | Composite Action Summaries |
| CWE-693 | GitHub Actions | actions/reusable-workflow-sinks | Reusable Workflow Sinks |
| CWE-693 | GitHub Actions | actions/reusable-workflow-sources | Reusable Workflow Sources |
| CWE-693 | GitHub Actions | actions/reusable-workflow-summaries | Reusable Workflows Summaries |
| CWE-693 | GitHub Actions | actions/envpath-injection/critical | PATH environment variable built from user-controlled sources |
| CWE-693 | GitHub Actions | actions/envpath-injection/medium | PATH environment variable built from user-controlled sources |
| CWE-693 | GitHub Actions | actions/envvar-injection/critical | Environment variable built from user-controlled sources |
| CWE-693 | GitHub Actions | actions/envvar-injection/medium | Environment variable built from user-controlled sources |
| CWE-693 | GitHub Actions | actions/improper-access-control | Improper Access Control |
| CWE-693 | GitHub Actions | actions/excessive-secrets-exposure | Excessive Secrets Exposure |
| CWE-693 | GitHub Actions | actions/secrets-in-artifacts | Storage of sensitive information in GitHub Actions artifact |
| CWE-693 | GitHub Actions | actions/unmasked-secret-exposure | Unmasked Secret Exposure |
| CWE-693 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-693 | GitHub Actions | actions/cache-poisoning/direct-cache | Cache Poisoning via caching of untrusted files |
| CWE-693 | GitHub Actions | actions/cache-poisoning/poisonable-step | Cache Poisoning via execution of untrusted code |
| CWE-693 | GitHub Actions | actions/pr-on-self-hosted-runner | Pull Request code execution on self-hosted runner |
| CWE-707 | GitHub Actions | actions/envpath-injection/critical | PATH environment variable built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/envpath-injection/medium | PATH environment variable built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/envvar-injection/critical | Environment variable built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/envvar-injection/medium | Environment variable built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-707 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-707 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-707 | GitHub Actions | actions/output-clobbering/high | Output Clobbering |
| CWE-707 | GitHub Actions | actions/command-injection/critical | Command built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/command-injection/medium | Command built from user-controlled sources |
| CWE-707 | GitHub Actions | actions/argument-injection/critical | Argument injection |
| CWE-707 | GitHub Actions | actions/argument-injection/medium | Argument injection |
| CWE-829 | GitHub Actions | actions/artifact-poisoning/critical | Artifact poisoning |
| CWE-829 | GitHub Actions | actions/artifact-poisoning/medium | Artifact poisoning |
| CWE-829 | GitHub Actions | actions/unpinned-tag | Unpinned tag for a non-immutable Action in workflow |
| CWE-829 | GitHub Actions | actions/untrusted-checkout/critical | Checkout of untrusted code in a privileged context |
| CWE-829 | GitHub Actions | actions/untrusted-checkout/high | Checkout of untrusted code in trusted context |
| CWE-829 | GitHub Actions | actions/untrusted-checkout/medium | Checkout of untrusted code in trusted context |
| CWE-829 | GitHub Actions | actions/artifact-poisoning/path-traversal | Artifact Poisoning (Path Traversal) |
| CWE-829 | GitHub Actions | actions/unversioned-immutable-action | Unversioned Immutable Action |
| CWE-913 | GitHub Actions | actions/code-injection/critical | Code injection |
| CWE-913 | GitHub Actions | actions/code-injection/medium | Code injection |
| CWE-913 | GitHub Actions | actions/cache-poisoning/code-injection | Cache Poisoning via low-privileged code injection |
| CWE-918 | GitHub Actions | actions/request-forgery | Uncontrolled data used in network request |
| CWE-922 | GitHub Actions | actions/excessive-secrets-exposure | Excessive Secrets Exposure |
| CWE-922 | GitHub Actions | actions/secrets-in-artifacts | Storage of sensitive information in GitHub Actions artifact |
| CWE-922 | GitHub Actions | actions/unmasked-secret-exposure | Unmasked Secret Exposure |
| CWE-1395 | GitHub Actions | actions/vulnerable-action | Use of a known vulnerable action |