{
  "title": "Claude Code GitHub Action Secret Exposure",
  "summary": "Microsoft reported that the Claude Code GitHub Action could expose workflow secrets through a Read-tool path that reached /proc/self/environ; Anthropic shipped v2.1.128 as the fixed release.",
  "date": "2026-06-05",
  "severity": "critical",
  "tags": [
    "github-actions",
    "ci-cd",
    "ai-assistants",
    "credential-theft",
    "workflow-secrets"
  ],
  "sources_count": 2,
  "indicators": {
    "slug": "claude-code-github-action-secret-exposure",
    "since": "2026-05-04T23:01:47Z",
    "until": "2026-06-05T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}