Back to article
The GitHub Blog

Safer pull_request_target defaults for GitHub Actions checkout (opens in new tab)

Covers 2 stories See all stories this covers including Keeping your GitHub Actions and workflows secure: Preventing pwn requests (2021)Covered by 6 sources See all sources covering this story including javascriptweekly.com, Andrew Nesbitt

Covers 2 related stories

securitylab.github.com·

Keeping your GitHub Actions and workflows secure: Preventing pwn requests (2021)

Discussed on Hacker News
Feeds
GitHub·

GitHub's checkout action is halting contributions

Discussed on Hacker News
Feeds

Covered in 6 articles

javascriptweekly.com·

Babel 8.0, Vite 8.1, and TypeScript 7.0 RC

Feeds
Andrew Nesbitt·

This Week in Package Management: 20 June 2026

Feeds
InfoWorld·

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

Feeds
The Hacker News·

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

Feeds
Socket·

GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

Feeds
CSO Online·

GitHub Actions hardens checkout security to block ‘pwn request’ attacks

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help