Jaisurya-Me

**Name of the Vulnerable Software and Affected Versions** goshs versions prior to 2.0.0-beta.6 **Description** goshs is a SimpleHTTPServer written in Go. An ArtiPACKED issue allows the leakage of the `GITHUB TOKEN` through workflow artifacts, even when the token is not included in the repository source code. **Recommendations** Update to version 2.0.0-beta.6.

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.140 Description GitHub Actions workflows are susceptible to an ArtiPACKED attack, which is a credential leakage vector. This occurs when `actions/checkout` is used without setting `persist-credentials: false`. By default, this action writes the `GITHUB TOKEN` and sometimes the `ACTIONS RUNTIME TOKEN` into the `.git/config` file. If subsequent workflow steps upload artifacts, these tokens may be included. Since the repository is public, unauthorized users can download these artifacts to extract the tokens, potentially allowing them to push malicious code, poison releases and PyPI/Docker packages, steal repository secrets, and execute a full supply chain compromise. The issue affects multiple files within `.github/workflows/` and `.github/actions/`. Recommendations Update to version 4.5.140. Set `persist-credentials: false` within the `actions/checkout` action to prevent token leakage.