Tj Actions Branch Names
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tj Actions Branch Names.
By the Year
In 2026 there have been 0 vulnerabilities in Tj Actions Branch Names. Branch Names did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Branch Names vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tj Actions Branch Names Security Vulnerabilities
GitHub Action tj-actions/branch-names v<7.0.7 RCE via head_ref
CVE-2023-49291
9.8 - Critical
- December 05, 2023
tj-actions/branch-names is a Github action to retrieve branch or tag names with support for all events. The `tj-actions/branch-names` GitHub Actions improperly references the `github.event.pull_request.head.ref` and `github.head_ref` context variables within a GitHub Actions `run` step. The head ref variable is the branch name and can be used to execute arbitrary code using a specially crafted branch name. As a result an attacker can use this vulnerability to steal secrets from or abuse `GITHUB_TOKEN` permissions. This vulnerability has been addressed in version 7.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tj Actions Branch Names or by Tj Actions? Click the Watch button to subscribe.
