Category: security
Workaround: partial
Stage: deploy
Freshness: persistent
Scope: framework
Upstream: open
Recurring: Yes
Buyer Type: team
Over-privileged GitHub Actions workflows
8/10 High
99.8% of GitHub Actions workflows are over-privileged, meaning repositories grant excessive permissions that increase vulnerability to attacks. Secrets are scoped at repository or organization level, flowing broadly by default in reusable workflows without fine-grained controls to bind credentials to specific execution contexts.
Sources
Collection History
Query: “What are the most common pain points with GitHub Actions in 2025?” (3/27/2026)
A study revealed that 99.8% of workflows are over-privileged... Secrets in GitHub Actions are currently scoped at the repository or organization level. This makes secrets difficult to use safely, particularly with reusable workflows where credentials flow broadly by default.
Created: 3/27/2026
Updated: 3/27/2026