Ref# ADV2025_96 | Date: Apr 1st 2025

---

GitHub has published a security advisory highlighting vulnerabilities in the following product on March 15th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• tj-actions/changed-files GitHub Actions – versions 45.07 and prior 

For more information on this update, you can follow this URL: 

GHSA-mrrh-fwg8-r2c3

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: GitHub Security Advisory

References

• GitHub Advisories Database. (March 15th, 2025). Retrieved from GitHub Docs. https://github.com/advisories/GHSA-mrrh-fwg8-r2c3
• GitHub Security Advisory. (March 19th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/github-security-advisory-av25-148