Vulnerabilities > GIT TAG Annotation Action Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-26 | CVE-2020-15272 | OS Command Injection vulnerability in Git-Tag-Annotation-Action Project Git-Tag-Annotation-Action In the git-tag-annotation-action (open source GitHub Action) before version 1.0.1, an attacker can execute arbitrary (*) shell commands if they can control the value of [the `tag` input] or manage to alter the value of [the `GITHUB_REF` environment variable]. | 6.5 |