PatchSiren

tj-actions CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited tj-actions CVE published 2025-03-18

CVE-2025-30066

CVE-2025-30066 is a supply-chain security issue in the tj-actions/changed-files GitHub Action, described in the stored public CVE and source evidence as an embedded malicious code vulnerability. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-03-18, so defenders should treat it as an urgent exposure: apply the referenced mitigations, or discontinue use of the action if mitigations are unavailable.