Created by Sola Security
Last updated 16 March 2025
Tags GitHubCI/CD SecuritySupply Chain SecurityWorkflow SecurityVulnerability ManagementRisk Mitigationtj-actions/changed-filesCVE+5X
Monitor GitHub workflows for instances of the compromised tj-actions/changed-files versions (v35, v44, v5) linked to CVE-2025-30066. This app helps security teams quickly identify affected repositories, take immediate remediation actions, and track workflow security risks.
Who is it for?
Security engineers, DevSecOps teams, CISOs, and incident response professionals responsible for securing GitHub Actions workflows and mitigating supply chain risks.
What problems does it solve?
Detect GitHub workflows using compromised versions of tj-actions/changed-files (v35, v44, v5) linked to CVE-2025-30066 and mitigate the risk of unauthorized code execution.
Key security questions
Is my organization vulnerable to CVE-2025-30066?
Are any of my repositories affected by CVE-2025-30066?
Do any of my GitHub workflows contain vulnerabilities related to CVE-2025-30066?
