Overview · feast-dev/feast · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

`pull_request_target` integration tests run untrusted fork code with production cloud secrets; the `ok-to-test` label guard is bypassable via label persistence on `synchronize`
GHSA-2j2x-r73g-hrr5 published Jun 23, 2026 by franciscojavierarceo

High

Learn more about advisories related to feast-dev/feast in the GitHub Advisory Database