Please report security vulnerabilities to info@stepsecurity.io
Security: step-security/harden-runner
Security
SECURITY.md
-
Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier)GHSA-cpmj-h4f6-r6pq published
Feb 7, 2026 by varunsh-coderModerate -
Evasion of 'disable-sudo' policyGHSA-mxr3-8whj-j74r published
Apr 21, 2025 by varunsh-coderModerate -
Command injection weaknesses in `setup.ts` and `arc-runner.ts`GHSA-g85v-wf27-67xc published
Nov 18, 2024 by varunsh-coderLow
Learn more about advisories related to step-security/harden-runner in the GitHub Advisory Database