www.infoq.com

Compromised GitHub Action Highlights Risks in CI/CD Supply ...

4/16/2025 Updated 3/27/2026
https://www.infoq.com/news/2025/04/compromised-github-action/

A popular GitHub Action used by thousands of repositories recently compromised those repositories, exposing a critical weakness in how open-source Actions are published and consumed. A new maintainer briefly hijacked the tj-actions/changed-files Action by publishing a version that contained obfuscated, malicious code. This triggered concern within the developer community about CI/CD security in the GitHub Actions ecosystem. The incident highlights an emerging attack surface: the supply chain of Actions themselves. While most guidance focuses on hardening the workflow environment, few teams scrutinize the security of the Actions they import. This breach has prompted renewed calls for best practices such as Action pinning, third-party audits, and hardened runners.

The tj-actions/changed-files Action was widely used to detect file changes in pull requests, a common step in conditional CI workflows. In March 2025, a new maintainer introduced a version (v44) that included obfuscated shell commands capable of remote code execution. While the malicious release was short-lived, it bypassed detection long enough to expose a blind spot in how many developers trust and consume GitHub Actions.

…

The compromised Action is notable not just because of its popularity (over 20,000 repositories are estimated to have used it) but because it revealed a broader ecosystem weakness. Developers often treat GitHub Actions as trusted building blocks, yet unlike packages or containers, Actions lack strong controls around publishing, ownership changes, or signature verification.

…

GitHub Actions in particular run with high privileges, capable of signing releases, pushing images, or deploying to production. A compromised Action can subvert an entire delivery pipeline. While StepSecurity did not quantify how widespread the practice of using unpinned Actions was, it has often emphasized the risks of unpinned Actions and recommended treating them with caution.

The compromise echoes similar issues in adjacent ecosystems, such as malicious npm packages or trojanized Docker images. While the industry is making progress through initiatives like SLSA, Sigstore and SBOM tooling, GitHub Actions still lack first-class support for provenance, sandboxing, or trust enforcement on reusable Actions.
