github.com/BurntSushi/ripgrep

@ 82313cf95849

Submitted 6/20/2026, 12:38:41 AM · Status: ok

Risk grade: B · 12 / 100
Findings: 18
0 critical · 1 high · 0 medium · 0 low · 17 info · 0 on CISA KEV · 0 ATT&CK
Showing 18 of 18 findings

Findings

  • Using variable interpolation `${{...}}` with `github` context data in a `run:` step could allow an attacker to inject their own code into the runner. This would allow them to steal secrets and code. `github` context data can have arbitrary user input and should be treated as untr…
    semgrep · .github/workflows/release.yml:24

This report is public.