To report a vulnerability in lychee-action, open a private vulnerability report and you can create a patch on a private fork or, after reporting the problem, our maintainers will fix it as soon as possible.
Security: lycheeverse/lychee-action
Security
SECURITY.md
-
Arbitrary code injection in composite actionGHSA-65rg-554r-9j5x published
Aug 28, 2025 by mreLow
Learn more about advisories related to lycheeverse/lychee-action in the GitHub Advisory Database