CVE-2025-54430: dedupe is a Python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution qui
Summary
The dedupe Python library (which uses machine learning for fuzzy matching, deduplication, and entity resolution on structured data) had a critical vulnerability in its GitHub Actions workflow that allowed attackers to trigger code execution by commenting @benchmark on pull requests, potentially exposing the GITHUB_TOKEN (a credential that grants access to modify repository contents) and leading to repository takeover.
Solution / Mitigation
This is fixed by commit 3f61e79.
Vulnerability Details
9.1 (critical)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-54430
First tracked: February 15, 2026 at 08:53 PM