GHSA-RV63-4MWF-QQC2

GitHub Actions cache poisoning abuses the fact that the Actions cache is shared across a repository's branches and is not integrity-validated against the producer, so a low-privileged context can plant a payload that a trusted context later restores and executes. Cache entries are keyed and versioned only by client-side computation, the branch-scoping boundary is not enforced server-side, and the restore step extracts the cached tarball without verifying that the restored files match what was originally cached. An attacker who gains code execution on a fork or low-privilege branch (commonly via script injection through untrusted inputs like github.head_ref in a pull_request_target workflow) writes a malicious entry under a key that a higher-privilege workflow on a protected branch will restore, gaining code execution in the trusted context and access to its secrets. The runtime cache token remaining valid after job completion and the per-repo eviction limit widen the window, letting the attacker evict legitimate entries and substitute poisoned ones. Adnan Khan documented the class on May 6, 2024 and built the Cacheract tool, with confirmed findings in projects including angular/components, mdn/content, hyperledger/besu and a later full chain in angular/dev-infra that exposed an admin-scoped GitHub App token.

CakePHP Authentication: Open redirect weakness via backslash bypass

Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation

Deno: Denial of service via non-ASCII bytes in WebSocket response headers

HAPI FHIR: XXE in XsltUtilities.saxonTransform via unhardened Saxon TransformerFactory

HAPI FHIR: Incomplete fix for CVE-2026-45367: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS