Timescale pgai GitHub Actions Workflow Secrets Exfiltration Vulnerability
Vulnerability
A vulnerability in the Timescale pgai repository's GitHub Actions workflow allowed for the exfiltration of secrets, including the GITHUB_TOKEN with write permissions for the repository. This vulnerability existed in the workflow file '.github/workflows/huggingface-dataset.yml' and was present between March 21, 2025, and May 14, 2025. The issue has been patched by switching the event trigger from 'pull_request_target' to 'pull_request' and reducing the GITHUB_TOKEN's scope to read-only access.
Impact
Exploitation of this vulnerability could have led to unauthorized modifications of the pgai codebase, including pushing arbitrary code and releases to the repository. Such actions would pose a significant supply-chain risk, as malicious code could be introduced to users via the pgai repository or through published releases on PyPI.
Remediation
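The vulnerability has been fixed by updating the workflow to use the 'pull_request' event and by explicitly reducing the GITHUB_TOKEN's permissions to read-only. A 'pull_request' run triggered from a fork does not receive repository secrets and gets a read-only GITHUB_TOKEN, whereas a 'pull_request_target' run executes in the context of the base repository with access to its secrets. The HUGGINGFACE_HUB_TIMESCALE_TOKEN was also rotated.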
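As an added example (not code from the pgai project), the following Python check flags the two settings this fix changed: the 'pull_request_target' trigger and write-scoped GITHUB_TOKEN permissions. The sample workflows, the finding labels, the HF_TOKEN variable name and build.sh are constructed for illustration.

```python
import re

TRIGGER = re.compile(r"^\s*(-\s*)?pull_request_target\s*:?\s*$|^\s*on:.*\bpull_request_target\b")
PERM_KEY = re.compile(r"^(\s*)permissions:\s*(\S*)\s*$")
SCOPE = re.compile(r"^(\s*)([\w-]+):\s*(\w+)\s*$")

def audit_workflow(text):
    """Line-based check (not a YAML parser); returns findings for one workflow's text."""
    findings, perm_indent, saw_perms = [], None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if TRIGGER.match(line) and "trigger:pull_request_target" not in findings:
            findings.append("trigger:pull_request_target")
        perm = PERM_KEY.match(line)
        if perm:  # workflow-level or job-level permissions key
            saw_perms, perm_indent = True, len(perm.group(1))
            if perm.group(2) == "write-all":
                findings.append("permissions:write-all")
            continue
        if perm_indent is not None:
            scope = SCOPE.match(line)
            if scope and len(scope.group(1)) > perm_indent:
                if scope.group(3) == "write":
                    findings.append(f"permissions:{scope.group(2)}=write")
            else:
                perm_indent = None  # left the permissions block
    if not saw_perms:  # no permissions key: token gets the repository default scope
        findings.append("permissions:not-declared")
    if "trigger:pull_request_target" in findings and re.search(r"\$\{\{\s*secrets\.", text):
        findings.append("secrets-with-pull_request_target")
    return findings

# Constructed samples (not the pgai workflow): the risky shape and the fixed shape.
RISKY = """\
on:
  pull_request_target:
permissions:
  contents: write
jobs:
  build:
    runs-on: ubuntu-latest
    env:
      HF_TOKEN: ${{ secrets.HUGGINGFACE_HUB_TIMESCALE_TOKEN }}
    steps:
      - run: ./build.sh
"""
FIXED = RISKY.replace("pull_request_target", "pull_request").replace("write", "read")
print(audit_workflow(RISKY), audit_workflow(FIXED))
```

Run over every file under .github/workflows, an empty result means neither setting is present; a 'pull_request_target' finding is a prompt for manual review rather than proof of exposure.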
