Post
CRITICAL ⚡ MUST-KNOW

Claude Code GitHub Action Flaw Enabled Single-Issue Repository Takeover

· supply-chain · github · anthropic · appsec

Researcher RyotaK (GMO) disclosed a flaw in Anthropic’s Claude Code GitHub Action that allowed an attacker to take over any public repository running it by opening a single malicious GitHub issue. Because Anthropic’s own action repository used the same vulnerable workflow, a working exploit could have injected malicious code into the action itself and propagated downstream to every project consuming it as a dependency. Anthropic has patched the vulnerability. Organizations using the Claude Code GitHub Action should verify they are pinned to a patched version and audit recent workflow runs for unexpected commits or permission changes.