From 55f83b8967bddba6ff5d4def43aa9c12db17cc3e Mon Sep 17 00:00:00 2001
From: Kawsar Ahmed Bhuiyan
Date: Thu, 27 Nov 2025 16:11:52 -0500
Subject: [PATCH] Add GHSA-pwf7-47c3-mfhx to OSV advisories database

Add j178/prek-action arbitrary code injection vulnerability to the vulnerability database.
- Package: j178/prek-action
- Severity: 9.9 Critical (CWE-94)
- Vulnerable versions: <=1.0.5
- Fixed in: 1.0.6
- Published: 2025-09-29
Reference: https://github.com/advisories/GHSA-pwf7-47c3-mfhx
---
 opa/rego/external/osv.rego | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/opa/rego/external/osv.rego b/opa/rego/external/osv.rego
index 4b4864be..375ac0f6 100644
--- a/opa/rego/external/osv.rego
+++ b/opa/rego/external/osv.rego
@@ -277,4 +277,19 @@ advisories = {
 "vulnerable_version_ranges": [">=4,<4.1.7"],
 "vulnerable_commit_shas": [],
 },
+ "GHSA-pwf7-47c3-mfhx": {
+ "osv_id": "GHSA-pwf7-47c3-mfhx",
+ "package_name": "j178/prek-action",
+ "published": "2025-09-29T17:51:19Z",
+ "aliases": [],
+ "summary": "j178/prek-action vulnerable to arbitrary code injection in composite action",
+ "severity": [{
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ }],
+ "cwe_ids": ["CWE-94"],
+ "vulnerable_versions": [],
+ "vulnerable_version_ranges": [">=0,<=1.0.5"],
+ "vulnerable_commit_shas": [],
+ },
 }
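Review bot: The new entry's `vulnerable_version_ranges` uses an inclusive upper bound, `">=0,<=1.0.5"`, while the neighbouring entry in the same hunk bounds on the fixed release (`">=4,<4.1.7"`). Since the commit message gives 1.0.6 as the fix, `"vulnerable_version_ranges": [">=0,<1.0.6"],` would follow the existing convention and would not depend on the range matcher accepting `<=`, which cannot be confirmed here because the matching rule is outside the hunk. `vulnerable_commit_shas` is also left empty, so a workflow that pins an affected release of the action by commit SHA will presumably not be matched through that field; it is worth confirming how the policy treats SHA-pinned references. The `advisories` map itself begins outside the hunk.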