advertisement
Kaspersky Detects 250,000 GitHub Workflow Security Issues
Kaspersky’s Global Research and Analysis Team (GReAT) has identified widespread security misconfigurations in GitHub Actions workflows after analysing more than 130,000 continuous integration and continuous delivery (CI/CD) pipelines across 30,000 of GitHub’s most-starred open-source repositories.
The assessment, conducted using new scanning capabilities introduced in Kaspersky Container Security, uncovered more than 250,000 potential configuration issues. According to the company, only 10 percent of the repositories analysed did not trigger any security alerts.
The findings come as software supply chain security remains under increasing scrutiny following a series of high-profile attacks targeting open-source software. Kaspersky pointed to the Mini Shai-Hulud campaign carried out by TeamPCP in May 2026, which exploited weaknesses in GitHub Actions build pipelines to compromise more than 170 npm and PyPI packages used by projects including TanStack, Mistral AI and OpenSearch.
advertisement
GitHub Actions is widely used by software developers to automate the building, testing and deployment of applications. However, misconfigured workflows can create opportunities for attackers to inject malicious code into software releases, compromise development pipelines or gain access to sensitive infrastructure credentials.
Among the issues identified by Kaspersky, 59.8 percent were classified as low risk, while 39.8 percent were rated as medium risk. A further 0.4 percent were considered high risk under the company’s risk classification framework.
The most common security issues involved overly broad access permissions, missing version pinning for dependencies and insecure workflow-level configuration settings. Less common but more severe issues included the exposure of sensitive secrets, unsafe workflow execution conditions and insecure handling of external data.
advertisement
Of the repositories analysed, approximately 200 were identified as high risk. Within that group, Kaspersky said it discovered eight repositories containing critical configuration flaws that could potentially enable software supply chain attacks.
The affected repositories covered a range of applications, including enterprise AI integrations, developer automation services and security testing tools. Kaspersky said it had notified the maintainers of the affected projects about the identified issues.
“Over the past year, we have observed serious supply-chain attacks, that could have been prevented by following secure CI/CD configuration guidelines,” said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
advertisement
“While the uncovered issues do not automatically indicate exploitable vulnerabilities, they point to areas where developers should verify and strengthen configurations. By identifying these weaknesses early, organisations can build more resilient pipelines and reduce the likelihood of supply-chain compromise. The rules developed for our container security solution provide a practical framework to identify and remediate these gaps before they can be exploited.”
Kaspersky said organisations using its Container Security platform can scan GitHub repositories for workflow misconfigurations either as part of their CI/CD pipelines or through standalone deployments, helping development teams identify and remediate security weaknesses before they can be exploited.