Known exploited
reviewdog
CVE published 2025-03-24
CVE-2025-30154
CVE-2025-30154 is a GitHub Actions supply-chain issue affecting reviewdog/action-setup and is listed in CISA’s Known Exploited Vulnerabilities catalog. Because CISA has assigned a mitigation due date and directs organizations to follow vendor guidance or stop using the product if mitigations are unavailable, this should be treated as an urgent CI/CD risk.