Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| reviewdog | reviewdog | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-qmg3-hpqr-gqvc | Multiple Reviewdog actions were compromised during a specific time period |
Tue, 21 Oct 2025 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 21 Oct 2025 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Tue, 25 Mar 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Reviewdog
Reviewdog action-ast-grep Reviewdog action-composite-template Reviewdog action-setup Reviewdog action-shellcheck Reviewdog action-staticcheck Reviewdog action-typos |
|
| Weaknesses | NVD-CWE-Other | |
| CPEs | cpe:2.3:a:reviewdog:action-ast-grep:*:*:*:*:*:*:*:* cpe:2.3:a:reviewdog:action-composite-template:*:*:*:*:*:*:*:* cpe:2.3:a:reviewdog:action-setup:1:*:*:*:*:*:*:* cpe:2.3:a:reviewdog:action-shellcheck:*:*:*:*:*:*:*:* cpe:2.3:a:reviewdog:action-staticcheck:*:*:*:*:*:*:*:* cpe:2.3:a:reviewdog:action-typos:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Reviewdog
Reviewdog action-ast-grep Reviewdog action-composite-template Reviewdog action-setup Reviewdog action-shellcheck Reviewdog action-staticcheck Reviewdog action-typos |
Mon, 24 Mar 2025 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
kev
|
Mon, 24 Mar 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
ssvc
|
Fri, 21 Mar 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
ssvc
|
Wed, 19 Mar 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 19 Mar 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos. | |
| Title | Multiple Reviewdog actions were compromised during a specific time period | |
| Weaknesses | CWE-506 | |
| References |
|
|
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-02-26T19:09:21.840Z
Reserved: 2025-03-17T12:41:42.566Z
Link: CVE-2025-30154
Vulnrichment
Updated: 2025-03-19T16:20:55.189Z
NVD
Status : Analyzed
Published: 2025-03-19T16:15:33.780
Modified: 2025-10-24T13:58:58.223
Link: CVE-2025-30154
Redhat
No data.
OpenCVE Enrichment
No data.