CVE-2025-30154: reviewdog/action-setup GitHub Action Embedded Malicious

reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability. reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Github Actions Workflow Logs.

• CISA KEV-listed (remediation due 2025-04-14)
• EPSS 37.1% (97.3% percentile)

Browse the CVE database

Read the full analysis on IntelFusions