Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please report security vulnerabilities to info@stepsecurity.io

Evasion of 'disable-sudo' policy
GHSA-mxr3-8whj-j74r published Apr 21, 2025 by varunsh-coder

Moderate
Command injection weaknesses in `setup.ts` and `arc-runner.ts`
GHSA-g85v-wf27-67xc published Nov 18, 2024 by varunsh-coder

Low

Learn more about advisories related to step-security/harden-runner in the GitHub Advisory Database