1. Ruff GitHub Actions Workflow Exposes Write Token to Fork Pull Requests — Code Execution Risk
A GitHub Actions workflow in the Ruff repository contains a security flaw that lets anyone who can open a pull request from a fork execute arbitrary code on a runner that holds a write-scoped `GITHUB_TOKEN`. The vulnerability, classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), reside...
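To make the flaw class concrete, the following is an added illustrative pair of workflows, not the Ruff repository's actual workflow file (which this page does not show). The `pull_request_target` trigger, the job and step names, the interpolated `pull_request.title` field and the labelling purpose are all assumptions chosen to show the pattern the advisory describes: untrusted fork-controlled data or code reaching a runner that carries a write token. The first document is the weak pattern; the second is the hardened form.

```yaml
# ILLUSTRATIVE EXAMPLE (assumption): not the Ruff workflow itself.
#
# --- Weak pattern ---------------------------------------------------
# pull_request_target runs in the BASE repository's context, so the
# runner receives a GITHUB_TOKEN whose scope follows the repository's
# default permission setting, which can be read-write. Interpolating
# fork-controlled PR data with ${{ }} pastes it into the script text
# before the shell parses it, so a crafted value becomes a command
# injection (CWE-77) executed with that token.
name: pr-label-weak
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Checking out the PR head under pull_request_target also lets
          # fork-controlled files (build scripts, hooks) run with the token.
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "PR title is ${{ github.event.pull_request.title }}"

---
# --- Hardened form --------------------------------------------------
name: pr-label-hardened
on:
  pull_request_target:
    types: [opened, synchronize]
# Default the whole workflow to a read-only token; grant write scopes
# per job only where that job actually needs them.
permissions:
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      # No checkout of the fork's code: only base-branch code runs here.
      - env:
          # Untrusted data goes through an environment variable, so the
          # shell receives it as a value rather than as script text.
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "PR title is $PR_TITLE"
```

If the job does not need base-repository write access at all, switching the trigger to plain `pull_request` is the simpler fix: for fork-originated PRs that trigger issues a read-only `GITHUB_TOKEN` and no secrets, so fork-controlled code and data can run without holding anything worth stealing. Whichever form is used, `permissions:` should be declared explicitly rather than relying on the repository default.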