risk 65/100 · high · exploited in the wild

CI/CD · GitHub Actions · GitHub Actions to cloud OIDC trust misconfiguration

1 known advisory.

Risk score: 65/100

Transparent, additive — every input shown:

Worst severity: +40
Worst CVSS: +0
Exploited in the wild: +25
Exploit probability (EPSS): +0

Advisories

Stateward checks every dependency on every pull request and flags GitHub Actions to cloud OIDC trust misconfiguration only if your code actually reaches the vulnerable path.

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.