Categories Alternatives Stacks Self-Hosted Explore

© 2026 Open-Awesome. Curated for the developer elite.

Terms Privacy About GitHub RSS

ActionsTOCTOU (Time Of Check to Time Of Use) — GitHub Actions TOCTOU Exploit | Open Awesome

Home
CI/CD Attacks
ActionsTOCTOU (Time Of Check to Time Of Use)

ActionsTOCTOU (Time Of Check to Time Of Use)

MITPython

A proof-of-concept tool demonstrating and exploiting TOCTOU vulnerabilities in GitHub Actions approval workflows.

42 stars7 forks0 contributors

Overview

Example repository for GitHub Actions Time of Check to Time of Use (TOCTOU vulnerabilities)

Quick Stats

Stars42

Forks7

Contributors0

Open Issues0

Last commit

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

4 months ago

CreatedSince 2024

Tags

#actions #cicd #vulnerability-research #devsecops #python #security-tool #bugbounty #proof-of-concept #ci-cd-security #github-actions

Built With

Included in

CI/CD Attacks578

Auto-fetched 3 hours ago

Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry

Terraform modules are not protected by the Dependency Lock File, consequently, a seemingly harmless module could potentially introduce malicious code

Can you trust ChatGPT's package recommendations?

Exploit generative AI platforms' tendency to generate non-existent coding libraries to execute Dependecy Confusion

Introducing MavenGate: a supply chain attack method for Java and Android applications

Many public and popular libraries that have long been abandoned are still being used in huge projects. Access to projects can be hijacked through domain name purchases

WordPress Plugin Confusion: How an update can get you pwned

Unclaimed WordPress plugins are vulnerable to takeover via the plugin directory