GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect your CI/CD pipelines.
Research firm StepSecurity’s CI/CD security solution Harden-Runner recently uncovered a security vulnerability within a GitHub Action, “tj-actions/changed-files,” used in over 23,000 repositories. The vulnerability allows remote attackers to discover secrets by reading action logs.
The vulnerability, identified as CVE-2025-30066, affected all versions of the compromised Action. The action itself identifies files modified within pull requests or commits, allowing development teams to trigger processes like testing or deployments only when specific files change, which makes continuous integration and continuous delivery pipelines more efficient.
As per StepSecurity’s research, the malicious code focused on infiltrating the Runner.Worker process, designed to extract secrets, passwords, and authentication tokens exposed during CI/CD execution. In many scenarios, these sensitive details were likely made publicly accessible, potentially granting unauthorized individuals access to critical systems and internal services.
The timeline of the compromise began with the introduction of a malicious commit, disguised as a routine Dependabot update, on March 14th. Immediately following this, all Action tags were redirected to point towards the compromised commit, placing a significant number of repositories at risk. Suspicious activity was subsequently flagged by the community, indicating the Action was exfiltrating environment variables and secrets.
Approximately twelve hours after this discovery, the repository was taken offline, effectively preventing further downloads of the compromised version. While the exact initiator of the takedown remains unclear, the repository was reactivated on March 16th, following the removal of the malicious commit. However, by this point, an estimated 23,000 repositories had already been exposed.
Due to the action’s widespread use, public GitHub repositories with enabled GitHub Actions were placed at considerable risk. The tj-actions maintainers claim that an attacker breached a GitHub personal access token (PAT) used by a bot with access to the repository.
GitHub responded by removing the compromised Action, necessitating users to seek alternative solutions. This removal, however, introduced potential disruptions to CI pipelines, particularly for those relying on non-cached versions.
Endor Labs exclusively published a blog post for its users, providing specific guidance on mitigating the impact. Customers utilizing the Endor Labs GitHub App were advised to search their dependencies for “tj-actions/changed-files” within the Endor Labs dashboard. Those using CI or CLI scanning were instructed to configure CI scanning with specific parameters to identify affected repositories. Additionally, auditing GitHub logs for suspicious IP addresses and rotating active secrets were recommended.
The primary objective of the attackers was likely to compromise the software supply chain, targeting open-source libraries, binaries, and artefacts generated by the affected CI pipelines, Dimitri Stiliadis, CTO and co-founder of Endor Labs, said in his analysis shared with Hackread.com.
“The attacker was likely not looking for secrets in public repositories — they are already public. They were likely looking to compromise the software supply chain for other open-source libraries, binaries, and artefacts created with this. Any public repository that creates packages or containers as part of a CI pipeline could have been impacted. That means potentially thousands of open source packages have the potential to have been compromised,” Stiliadis explained.
Organizations not utilizing Endor Labs were also advised to take immediate action. This included inspecting GitHub Actions workflows for the compromised Action, removing it from all branches, auditing past CI workflows for signs of compromise, and rotating any exposed secrets.
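The first two of those steps, finding every workflow that references the Action and seeing how each reference is pinned, can be scripted. The following is an added example, not code from the article, StepSecurity, Endor Labs or the tj-actions project: it writes a constructed sample workflow into a temporary directory, then greps the `.github/workflows` tree for `tj-actions/changed-files` and labels each hit as pinned to a full commit SHA or to a mutable tag or branch. The distinction matters because, as described above, every tag of the Action was moved to the malicious commit, so a tag-pinned reference silently picked up the compromised code while a SHA-pinned reference did not. The function names, the sample workflow and the placeholder SHA are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the article or the tj-actions project): audit
# workflow files for references to tj-actions/changed-files and report
# whether each one is pinned to an immutable commit SHA or to a mutable ref.
set -eu

# Constructed sample repository, embedded so the script runs offline.
WORKDIR="${TMPDIR:-/tmp}/changed-files-audit.$$"
mkdir -p "$WORKDIR/.github/workflows"
trap 'rm -rf "$WORKDIR"' EXIT
cat > "$WORKDIR/.github/workflows/ci.yml" <<'EOF'
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45          # tag: mutable
      - uses: tj-actions/changed-files@main         # branch: mutable
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
EOF

# find_changed_files DIR
# Prints one line per reference as "<file>:<line>:<kind>:<ref>", where kind is
# "sha" for a 40-hex-character commit id and "mutable" for a tag or branch name.
find_changed_files() {
    dir="$1"
    grep -rnE 'uses:[[:space:]]*tj-actions/changed-files@' "$dir/.github/workflows" 2>/dev/null |
    while IFS= read -r hit; do
        file=${hit%%:*}
        rest=${hit#*:}
        line=${rest%%:*}
        # Take the token after '@', stopping at whitespace or a YAML comment.
        ref=$(printf '%s\n' "$hit" | sed -E 's/.*@([^[:space:]#]+).*/\1/')
        if printf '%s' "$ref" | grep -qE '^[0-9a-f]{40}$'; then
            kind=sha
        else
            kind=mutable
        fi
        printf '%s:%s:%s:%s\n' "$file" "$line" "$kind" "$ref"
    done
}

# count_mutable DIR: number of references not pinned to a full commit SHA.
count_mutable() {
    find_changed_files "$1" | awk -F: '$3 == "mutable"' | wc -l | tr -d ' '
}

find_changed_files "$WORKDIR"
echo "references not pinned to a commit SHA: $(count_mutable "$WORKDIR")"
```

Run it against a real checkout by pointing `find_changed_files` at the repository root instead of `$WORKDIR`; any line labelled `mutable` is a reference that would have followed the redirected tags, and the same check applies to every branch, since the article's guidance is to remove the Action from all of them rather than only the default branch.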