GitHub Actions Vulnerabilities Expose 38% of Organizations to Supply Chain Attacks
A recent analysis reveals that 38% of organizations using GitHub Actions are running workflows with script injection vulnerabilities or unsafe trigger configurations, exposing them to significant supply chain risks. GitHub Actions, a core component of modern CI/CD pipelines, automates build, test, and deployment tasks often with elevated privileges and access to source code and credentials. Misconfigurations in these workflows can serve as prime entry points for attackers.
Research from Datadog’s 2026 State of DevSecOps found that two out of three organizations have at least one vulnerability in their workflows or actions, expanding the attack surface. Real-world incidents demonstrate how threat actors exploit these weaknesses:
- The s1ngularity attack abused the
pull_request_targettrigger, which allows workflows to run with heightened privileges. Attackers crafted malicious pull requests dubbed "pwn requests" to execute arbitrary code by exploiting the assumption that external input is trusted. - The hackerbot-claw campaign, an AI-driven attack, compromised over half of targeted repositories by injecting malicious input into workflow scripts. For example, unchecked pull request titles could break out of intended commands, enabling remote code execution.
- The TeamPCP campaign exploited compromised credentials to publish malicious versions of popular tools like Trivy and KICS, manipulating version tags to trick workflows into executing tampered code. This risk is amplified by the fact that 71% of organizations do not pin GitHub Actions to specific commit hashes, leaving them vulnerable to dependency tampering.
A successful compromise can have far-reaching consequences, including modified build artifacts, secret exfiltration, or backdoors in distributed software. GitHub has acknowledged these risks and outlined a security roadmap to mitigate them, including:
- Deterministic dependency management (locking actions to commit hashes).
- Centralized policies to restrict workflow triggers and initiator permissions.
- Scoped secrets to limit credential exposure.
- Enhanced observability via Actions Data Stream for real-time anomaly detection.
- A native egress firewall to monitor and block unauthorized outbound traffic from CI/CD runners.
Despite these upcoming protections, organizations remain responsible for securing their workflows treating them as part of the application attack surface, validating external input, and restricting token permissions. As CI/CD pipelines increasingly become high-value targets, insecure GitHub Actions configurations continue to pose a high-impact, widely exploitable threat.
Source: https://gbhackers.com/38-of-github-actions-workflows-exposed/
GitHub cybersecurity rating report: https://www.rankiteo.com/company/github
Aqua Security cybersecurity rating report: https://www.rankiteo.com/company/aquasecteam
"id": "GITAQU1780490516",
"linkid": "github, aquasecteam",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '38% of organizations using '
'GitHub Actions',
'industry': ['Technology', 'Software Development'],
'location': 'Global',
'type': 'Organizations'}],
'attack_vector': ['Script Injection',
'Unsafe Trigger Configurations',
'Malicious Pull Requests',
'Dependency Tampering'],
'data_breach': {'data_exfiltration': 'Possible',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Source code', 'Credentials']},
'description': 'A recent analysis reveals that 38% of organizations using '
'GitHub Actions are running workflows with script injection '
'vulnerabilities or unsafe trigger configurations, exposing '
'them to significant supply chain risks. GitHub Actions, a '
'core component of modern CI/CD pipelines, automates build, '
'test, and deployment tasks often with elevated privileges and '
'access to source code and credentials. Misconfigurations in '
'these workflows can serve as prime entry points for '
'attackers. Real-world incidents demonstrate how threat actors '
'exploit these weaknesses, including the *s1ngularity* attack, '
'*hackerbot-claw* campaign, and *TeamPCP* campaign.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': ['Source code',
'Credentials',
'Build artifacts'],
'operational_impact': 'Modified build artifacts, backdoors in '
'distributed software',
'systems_affected': ['CI/CD pipelines',
'GitHub Actions workflows']},
'initial_access_broker': {'backdoors_established': 'Possible (backdoors in '
'distributed software)',
'entry_point': ['Malicious pull requests',
'Compromised credentials',
'Tampered dependencies'],
'high_value_targets': ['CI/CD pipelines',
'GitHub Actions workflows']},
'lessons_learned': 'Organizations must treat CI/CD pipelines as part of the '
'application attack surface, validate external input, '
'restrict token permissions, and secure GitHub Actions '
'workflows to mitigate supply chain risks.',
'motivation': ['Code Execution',
'Secret Exfiltration',
'Backdoor Installation',
'Supply Chain Compromise'],
'post_incident_analysis': {'corrective_actions': ['Deterministic dependency '
'management',
'Centralized policies',
'Scoped secrets',
'Enhanced monitoring'],
'root_causes': ['Unsafe workflow configurations',
'Unpinned dependencies',
'Unchecked external input']},
'recommendations': ['Pin GitHub Actions to specific commit hashes',
'Restrict workflow triggers and initiator permissions',
'Use scoped secrets to limit credential exposure',
'Enhance observability with Actions Data Stream',
'Implement a native egress firewall for CI/CD runners'],
'references': [{'source': 'Datadog’s 2026 State of DevSecOps'}],
'response': {'enhanced_monitoring': ['Actions Data Stream for real-time '
'anomaly detection',
'Native egress firewall to monitor and '
'block unauthorized outbound traffic'],
'remediation_measures': ['Deterministic dependency management '
'(locking actions to commit hashes)',
'Centralized policies to restrict '
'workflow triggers',
'Scoped secrets to limit credential '
'exposure']},
'threat_actor': ['s1ngularity', 'hackerbot-claw campaign', 'TeamPCP campaign'],
'title': 'GitHub Actions Vulnerabilities Expose 38% of Organizations to '
'Supply Chain Attacks',
'type': 'Supply Chain Attack',
'vulnerability_exploited': ['Unsafe `pull_request_target` trigger',
'Unpinned GitHub Actions dependencies',
'Unchecked external input in workflow scripts']}