Thousands of open source projects at risk from hack of GitHub Actions tool
Monday 17 March 2025, 21:14, by InfoWorld
App development teams who use a popular utility in the GitHub Actions continuous integration and continuous delivery/deployment (CI/CD) platform need to scrub their code because the tool was compromised last week to steal credentials.
That warning came after researchers at StepSecurity found that all versions of the tj-actions/changed-files utility up to 45.0.7 had been modified by a threat actor on March 14. Normally this tool helps developers detect file changes in a repository, but a GitHub advisory says the change executes a malicious Python script that allows remote attackers to discover secrets such as API keys, access tokens, and passwords by reading actions logs. The compromise has been designated CVE-2025-30066.

According to a report from Endor Labs, the utility is used in over 23,000 GitHub repositories. The compromised action could impact thousands of CI pipelines, the report said. GitHub pulled access to the tool by March 16 and replaced it with a patched version.

CI/CD pipeline secrets could be compromised

“Any public repository that creates packages or containers as part of a CI pipeline could have been impacted,” warns Endor Labs. “That means potentially thousands of open source packages have the potential to have been compromised.”

The attacker was likely not looking for secrets in public repositories, says Endor, because they are already public. “They were likely looking to compromise the software supply chain for other open source libraries, binaries, and artifacts created with this.”

The warning applies to development teams that have both private and public repositories, Endor added. “If these repositories share CI/CD pipeline secrets for artifact or container registries, these registries can be potentially compromised.

“We have no evidence that any downstream open source library or containers has been impacted at this time. But we urge open source maintainers and the security community to join us in keeping a close eye out for potential secondary compromises.”

In an interview Monday, the CTO of Endor Labs, Dimitri Stiliadis, said the risk of damage is to applications that used the tj-actions tool.
But, he added, hackers could have used stolen credentials in Docker Hub or other open source repositories to access and insert malware in other software packages. “We could have packages infected with malware that nobody’s going to know about,” he said. “It could be thousands or hundreds of thousands or even millions … We really don’t know what the real damage is right now. We will know in the coming days.”

Researchers at Wiz Threat Research said in a blog that they had identified “dozens” of impacted public repositories with exposed sensitive secrets and are reaching out to affected parties.

GitHub recommendations

To help determine whether their repositories were affected, infosec leaders should audit GitHub logs for suspicious IP addresses. If any are found, the active secrets in their repositories need to be rotated.

Researchers at Wiz Threat Research also said that, as recommended by GitHub, developers should pin all GitHub Actions to specific commit hashes instead of version tags to mitigate against future supply chain attacks. They should also use GitHub’s allow-listing feature to block unauthorized GitHub Actions from running and configure GitHub to allow only trusted actions.

A ‘very serious incident’

In an interview Monday morning, StepSecurity CEO Varun Sharma called it a “very serious incident.” His firm, which makes an endpoint detection and response tool for CI/CD environments, discovered unusual outbound network connections from workflows using tj-actions/changed-files and alerted GitHub that a malicious version of the tool had been inserted to expose CI/CD credentials in build logs.
“Although the original has been restored,” he added, “it’s not clear why that got compromised.”

He said infosec or development leaders should:

1. review where tj-actions/changed-files was used in workflows;
2. determine if the compromised version was used in CI/CD pipelines;
3. if impacted, immediately rotate exposed credentials including API keys, access tokens, and passwords;
4. either switch to a secure alternative for this tool or upgrade to a patched version.

An efficient method of compromise

Threat actors have learned that compromising software while it is under development is an efficient way to worm their way into a wide range of IT environments, rather than hacking one application at a time. GitHub and other open source code repositories like NPM, GitLab, Ruby on Rails and PyPI have increasingly been abused by hackers.

Just over a year ago we reported that security researchers had shown how a GitHub Action called Bazel could have been backdoored. In 2012, we reported a Rails vulnerability that could be exploited to insert unauthorized data into a Rails application database through Web forms.

As a result, CISOs have to ensure their app developers follow security best practices if they use open source platforms for honing code.

More GitHub news:

GitHub accounts targeted with fake security alerts
GitHub to unbundle Advanced Security
GitHub Copilot previews agent mode
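The two recommendations above (GitHub and Wiz: pin every action to a full commit hash rather than a version tag; StepSecurity: find every workflow that uses tj-actions/changed-files) are both a matter of reading the `uses:` lines in a repository's workflow files. The script below is an added example written for this page; it is not code from InfoWorld, GitHub, Endor Labs, Wiz or StepSecurity. It uses only the Python standard library, treats any `uses:` reference that is not a 40-character hex commit SHA as unpinned, and flags references to the action named in the article. The sample workflow and the 40-hex value in it are constructed for the example and are not real commits.

```python
import re
from dataclasses import dataclass

# Action named in the article as the compromised one.
COMPROMISED_ACTION = "tj-actions/changed-files"

# A `uses:` line in a workflow: owner/repo[/subdir]@ref, optionally quoted.
# Local actions (./path) and docker:// references carry no "@ref" and are skipped.
USES_RE = re.compile(
    r'^\s*-?\s*uses:\s*["\']?([\w.-]+/[\w.-]+(?:/[\w./-]+)?)@([\w./-]+)["\']?',
    re.MULTILINE,
)
# A full commit SHA is the only reference form that cannot be moved by a tag push.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class Finding:
    action: str      # owner/repo[/subdir] as written in the workflow
    ref: str         # the part after "@"
    pinned: bool     # True only for a full 40-hex commit SHA
    flagged: bool    # True when the repo is the compromised action


def audit_workflow(text: str) -> list[Finding]:
    """Return one Finding per remote `uses:` reference in a workflow file."""
    findings = []
    for match in USES_RE.finditer(text):
        action, ref = match.group(1), match.group(2)
        repo = "/".join(action.split("/")[:2])  # strip any subdirectory
        findings.append(Finding(
            action=action,
            ref=ref,
            pinned=bool(SHA_RE.match(ref)),
            flagged=(repo == COMPROMISED_ACTION),
        ))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Counts a reviewer would act on: unpinned references and uses of the flagged action."""
    return {
        "total": len(findings),
        "unpinned": sum(1 for f in findings if not f.pinned),
        "flagged": [f"{f.action}@{f.ref}" for f in findings if f.flagged],
    }


# Constructed sample workflow; the 40-hex string is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Detect changed files
        uses: tj-actions/changed-files@v45
      - uses: "actions/setup-python@0123456789abcdef0123456789abcdef01234567"  # placeholder SHA
      - uses: ./.github/actions/local-step
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        status = "pinned" if f.pinned else "UNPINNED"
        flag = "  <-- compromised action, rotate secrets if this version ran" if f.flagged else ""
        print(f"{f.action}@{f.ref}: {status}{flag}")
    print(summarize(audit_workflow(SAMPLE_WORKFLOW)))
```

Run it against the contents of each file under `.github/workflows/` and treat any `flagged` entry as a reason to rotate that pipeline's credentials, and any `unpinned` count above zero as a pipeline that is still exposed to the same class of tag-rewrite attack.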
https://www.infoworld.com/article/3847178/thousands-of-open-source-projects-at-risk-from-hack-of-git...