Ref# ADV2025_233 | Date: Jul 29th 2025

---

GitHub has published a security advisory highlighting vulnerabilities in the following product on July 25th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• tj-actions/branch-names – versions prior to 8.2.1 

For more information on this update, you can follow this URL: 

• Command Injection Vulnerability – GHSA-gq52-6phf-x2r6 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

PDF Download: GitHub Security Advisory

References 

• Command Injection Vulnerability – GHSA-gq52-6phf-x2r6. (July 25th, 2025). Retrieved from GitHub. https://github.com/tj-actions/branch-names/security/advisories/GHSA-gq52-6phf-x2r6  

• GitHub Security Advisory. (July 28th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/github-security-advisory-av25-460