Tj Actions Changed Files
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Tj Actions Changed Files.
By the Year
In 2026 there have been 0 vulnerabilities in Tj Actions Changed Files. Last year, in 2025 Changed Files had 1 security vulnerability published. Right now, Changed Files is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 8.60 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Changed Files vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tj Actions Changed Files Security Vulnerabilities
Changed-files (pre-v46) Remote Secret Disclosure via Log Reading
CVE-2025-30066
8.6 - High
- March 15, 2025
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)
Embedded Malicious Code
GitHub Action tj-actions/changed-files <41.0.0: Command Injection
CVE-2023-51664
9.8 - Critical
- December 27, 2023
tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Tj Actions Changed Files or by Tj Actions? Click the Watch button to subscribe.
