Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary resolution and Node.js module resolution. A fork pull request processed by a pull_request_target workflow could therefore cause fork-supplied code to execute inside the action container in place of the action's own code. This vulnerability is fixed in 1.0.1.
AnalysisAI
Untrusted search path in Espressif's shared-github-dangerjs GitHub Action prior to 1.0.1 allows a fork pull request, when processed by a pull_request_target workflow, to substitute attacker-controlled binaries and Node.js modules for the action's own code. Exploitation yields code execution inside the action container with access to repository secrets and write-scoped GITHUB_TOKEN, with no public exploit identified at time of analysis.
Technical ContextAI
The vulnerability is a CWE-427 (Uncontrolled Search Path Element) flaw in entrypoint.sh of the reusable Espressif DangerJS GitHub Action (CPE cpe:2.3:a:espressif:shared-github-dangerjs). The action ran npx danger ci from the caller's workspace after the fork's checkout had been copied into it; because npx resolves binaries relative to the current working directory's node_modules/.bin and Node.js resolves modules from the nearest node_modules tree, a fork PR could supply both a malicious danger binary and arbitrary modules that Node would load in preference to the action's intended code. The danger here is amplified by the pull_request_target trigger, which runs with the base repository's secrets and a privileged GITHUB_TOKEN, unlike the safer pull_request trigger.
RemediationAI
Vendor-released patch: 1.0.1, which invokes danger via the absolute path /node_modules/.bin/danger and runs rm -rf /github/workspace/node_modules before execution to neutralize fork-supplied modules; upgrade by bumping the uses: reference in calling workflows to espressif/shared-github-dangerjs@1.0.1 (or, preferably, pin to the fix commit SHA d7424080) per the advisory at https://github.com/espressif/shared-github-dangerjs/security/advisories/GHSA-wm3p-pv54-6w73. If immediate upgrade is not possible, switch the calling workflow's trigger from pull_request_target to pull_request so secrets and write-scoped tokens are not exposed to fork code (trade-off: the workflow will no longer be able to post Danger comments back to the PR), or gate the job behind an if: github.event.pull_request.head.repo.full_name == github.repository check to skip fork PRs entirely (trade-off: forks receive no Danger feedback). Avoid relying on permissions: read-all alone, since the underlying hijack still executes attacker code in the runner.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32908