Description

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any provided Github token would be stored in plaintext in the editor configuration as json on disk, rather than through the more secure "securestorage" api. An attacker with read only access to your home directory could have read this token and used it to perform actions with that token. Update to 0.0.7.

INFO

Published Date :

2025-10-28T20:53:14.167Z

Last Modified :

2025-10-28T20:53:14.167Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62794 vulnerability.

Vendors Products
Github-workflow-updater-extension
  • Github-workflow-updater-extension
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62794.

URL Resource
https://github.com/RichardoC/github-workflow-updater-extension/commit/b9518c38ac6bc2a9fda2242e6daef17f7184ad1f cve-icon cve-icon
https://github.com/RichardoC/github-workflow-updater-extension/security/advisories/GHSA-679x-97jw-8vjp cve-icon cve-icon
https://github.com/microsoft/vscode-discussions/discussions/748 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact