Reviewdog Reviewdog

  1. Vendors
  2. Reviewdog

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Reviewdog product.

RSS Feeds for Reviewdog security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Reviewdog products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Reviewdog Sorted by Most Security Vulnerabilities since 2018

Reviewdog Action Ast Grep1 vulnerability

Reviewdog Action Composite Template1 vulnerability

Reviewdog Action Setup1 vulnerability

Reviewdog Action Shellcheck1 vulnerability

Reviewdog Action Staticcheck1 vulnerability

Reviewdog Action Typos1 vulnerability

Known Exploited Reviewdog Vulnerabilities

The following Reviewdog vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.
CVE-2025-30154 Exploit Probability: 15.4% 		March 24, 2025

By the Year

In 2026 there have been 0 vulnerabilities in Reviewdog. Last year, in 2025 Reviewdog had 1 security vulnerability published. Right now, Reviewdog is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 1 8.60

It may take a day or so for new Reviewdog vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Reviewdog Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-30154 Mar 19, 2025
reviewdog/action-setup GitHub Action exfiltrates secrets to logs reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
Action Ast Grep
Action Composite Template
Action Setup
And others...
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.