{"data":{"id":"20cea1ff-6a45-4cba-8e3e-5dd6bd16ef04","title":"CVE-2025-54430: dedupe (Python fuzzy matching, deduplication and entity resolution library) GitHub Actions workflow allowed code execution via @benchmark PR comment","summary":"The dedupe Python library (which uses machine learning for fuzzy matching, deduplication, and entity resolution on structured data) had a critical vulnerability in its GitHub Actions workflow: anyone who could comment @benchmark on a pull request could trigger a workflow run that executed attacker-influenced input (classified as CWE-78, OS command injection). Because that job ran with the repository's GITHUB_TOKEN, the token could be exposed or used directly to write to the repository, giving the attacker write access and enabling repository takeover. The flaw lives in the project's CI configuration rather than in the published package, so the risk is to the project's own supply chain (for example, releases cut from a tampered default branch) rather than to code that merely imports dedupe.","solution":"Fixed by commit 3f61e79, which changes the repository's GitHub Actions workflow; no package version is affected, so downstream installs of dedupe need no upgrade. Anyone who copied or forked the vulnerable workflow should apply the same change, and maintainers should assume the GITHUB_TOKEN (and any other secrets reachable from that job) could have been abused while the workflow was live and audit repository history and releases from that period accordingly.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-54430","publishedAt":"2025-07-30T14:15:29.257Z","cveId":"CVE-2025-54430","cweIds":["CWE-78"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["dedupe"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00045,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}