8.7

GitHub Action for Black code formatter allows code execution

GHSA-v53h-f6m7-xcgm
Summary

A vulnerability in Black's GitHub Action could let attackers run malicious code in the context of the action, potentially accessing sensitive information. To stay safe, avoid using the `use_pyproject: true` option in the psf/black GitHub Action. Update to version 26.3.0 or later if you're using this feature.

What to do
  • Update psf/black (vendor: psf) to version 26.3.0.
  • Update black (vendor: psf) to version 26.3.0.
Affected software
| Vendor | Product   | Affected versions | Fix available |
|--------|-----------|-------------------|---------------|
| psf    | psf/black | <= 26.3.0         | 26.3.0        |
| psf    | black     | <= 26.3.0         | 26.3.0        |
Original title
Black's vulnerable version parsing leads to RCE in GitHub Action
Original description
### Impact

Black provides a [GitHub action](https://black.readthedocs.io/en/stable/integrations/github_actions.html) for formatting code. This action supports an option, `use_pyproject: true`, for reading the version of Black to use from the repository `pyproject.toml`. A malicious pull request could edit `pyproject.toml` to use a direct URL reference to a malicious repository. This could lead to arbitrary code execution in the context of the GitHub Action. Attackers could then gain access to secrets or permissions available in the context of the action.

### Patches

Version 26.3.0 fixes this vulnerability by tightening the validation of the `version` field. Users who use the GitHub Action as `psf/black@stable` will automatically pick up this update.
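
To make the "tightened validation" concrete, the following is an added allow-list check (example code, not Black's own implementation) that accepts a `black` requirement read from `pyproject.toml` only when its version part is a plain PEP 440 comparison clause, and refuses the direct URL reference shape the advisory describes. The function names, the regexes and the sample dependency lists are assumptions for this example.

```python
import re
from typing import Iterable, Optional

# Strict PEP 440 version: optional epoch, release segment, optional pre/post/dev.
# Assumption: our own conservative allow-list (no "==24.*" wildcards), not Black's check.
_VERSION = r"(?:\d+!)?\d+(?:\.\d+)*(?:(?:a|b|rc)\d+)?(?:\.post\d+)?(?:\.dev\d+)?"
_CLAUSE = re.compile(rf"^(?:===|==|~=|!=|<=|>=|<|>){_VERSION}$")
# Project name "black" (word boundary so "blackbox" does not match) plus optional extras.
_NAME = re.compile(r"^black(?![\w.\-])(?:\[[\w\-, ]+\])?\s*", re.IGNORECASE)


def safe_black_specifier(requirement: str) -> Optional[str]:
    """Return the version specifier of a 'black' requirement ("==24.2.0",
    ">=24.1,<25") if it is nothing but comparison clauses. Unpinned names,
    environment markers and direct references ("black @ git+https://...")
    all return None; a requirement for another project also returns None."""
    req = requirement.strip()
    m = _NAME.match(req)
    if m is None:
        return None
    rest = req[m.end():]
    # "@" introduces a direct URL reference, ";" an environment marker: reject both.
    if not rest or "@" in rest or ";" in rest:
        return None
    clauses = [c.strip() for c in rest.split(",")]
    if not all(_CLAUSE.match(c) for c in clauses):
        return None
    return ",".join(clauses)


def select_black_version(dependencies: Iterable[str]) -> str:
    """Pick the Black version specifier from a dependency list, failing closed
    (ValueError) if the black entry is anything other than a pinned version."""
    for dep in dependencies:
        spec = safe_black_specifier(dep)
        if spec is not None:
            return spec
        if _NAME.match(dep.strip()):
            raise ValueError(f"refusing unsafe black requirement: {dep!r}")
    raise ValueError("no pinned black requirement found in dependencies")


if __name__ == "__main__":
    # Constructed samples: a benign dependency list and the shape of the malicious edit.
    benign = ["requests>=2.31", "black[d]==24.2.0"]
    malicious = ["black @ git+https://example.invalid/not-black.git"]
    print(select_black_version(benign))
    try:
        select_black_version(malicious)
    except ValueError as exc:
        print(exc)
```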

### Workarounds

Do not use the `use_pyproject: true` option in the psf/black GitHub Action.
Source: osv · CVSS 4.0 score: 9.4
Vulnerability type
CWE-20 Improper Input Validation
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026