Find and Fix CVE-2025-30066, Compromised GitHub Actions Leading to Credential Leaks
ID: 45a259cf-52e3-5dee-8de4-5b43d541fb09
STIX ID: report--45a259cf-52e3-5dee-8de4-5b43d541fb09
Feed Name: Checkmarx Zero
On March 14, 2025, Step Security disclosed that multiple GitHub Actions (including tj-actions/changed-files, tj-actions/eslint-changed-files and several reviewdog Actions) were compromised and contain code that exposes secrets and sensitive information in GitHub Actions run logs (tracked as CVE-2025-30066). The report urges organizations to audit workflow YAML files, replace affected actions (Step Security provides a drop-in replacement for tj-actions/changed-files), restrict repository access while remediating, scan run logs for leaked secrets using provided detection tools, and rotate any exposed credentials.
