Back to Blog
high SEVERITY5 min read

How missing Dependabot cooldown happens in GitHub Actions and how to fix it

A high-severity configuration vulnerability was discovered in a `.github/dependabot.yml` file that lacked a cooldown period for package updates. Without this safeguard, Dependabot could immediately propose updates to newly published package versions—including potentially malicious or unstable releases. The fix adds a simple `cooldown` block with a 7-day waiting period before any new package version is suggested.

O
By Orbis AppSec
Published July 12, 2026Reviewed July 12, 2026

Answer Summary

Missing Dependabot cooldown (CWE-1104) is a supply chain security vulnerability in GitHub Actions where Dependabot configurations lack a waiting period before proposing newly published package updates. Attackers can publish malicious packages and have them immediately suggested to projects. The fix requires adding a `cooldown` block with `default-days: 7` to each `package-ecosystem` entry in `.github/dependabot.yml`, ensuring a 7-day buffer for the community to detect malicious packages before they're proposed.

Vulnerability at a Glance

cweCWE-1104 (Use of Unmaintained Third Party Components)
fixAdd `cooldown: default-days: 7` to each package-ecosystem entry
riskSupply chain attack via malicious newly-published packages
languageYAML (GitHub Actions Configuration)
root causeNo cooldown block in dependabot.yml package-ecosystem configuration
vulnerabilityMissing Dependabot Cooldown Period

Introduction

In this repository's .github/dependabot.yml file, a high-severity supply chain security vulnerability was discovered at line 5. The configuration defined a pip package ecosystem with monthly update scheduling but completely omitted the cooldown block—leaving the project exposed to immediate proposals for newly published package versions.

Here's the vulnerable configuration that was flagged:

updates:
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: monthly

This seemingly innocent configuration creates a dangerous window where malicious actors can publish compromised packages and have them immediately suggested to your project. For developers maintaining Python projects with automated dependency updates, this oversight represents a critical gap in supply chain security.

The Vulnerability Explained

What's Actually Happening?

When Dependabot monitors your dependencies, it watches for new package versions and creates pull requests to update them. Without a cooldown period, this happens immediately—sometimes within minutes of a new version being published to PyPI or other package registries.

The problem? Newly published packages haven't been vetted by the community. In supply chain attacks, malicious actors:

  1. Compromise legitimate maintainer accounts and push malicious updates
  2. Typosquat popular packages with similar names containing malware
  3. Inject malicious code into dependencies of popular packages

A Real Attack Scenario for This Configuration

Consider this specific pip ecosystem configuration. An attacker could:

  1. Identify a dependency used by this project
  2. Compromise the package maintainer's PyPI credentials
  3. Publish version 2.0.1 with a malicious setup.py that exfiltrates environment variables during installation
  4. Within minutes, Dependabot creates a PR: "Bump dependency from 2.0.0 to 2.0.1"
  5. A developer, trusting Dependabot's automated process, merges the PR
  6. The malicious code executes during the next pip install

Without a cooldown, there's no buffer time for:
- Security researchers to discover and report the malicious package
- PyPI to remove the compromised version
- The community to raise alerts

Why This Matters for CLI Tools

The PR notes this is "a local CLI tool" where "exploitation requires the attacker to control command-line arguments or input files." However, supply chain attacks bypass this protection entirely—the malicious code executes during dependency installation, before any user interaction occurs. The attack surface isn't the CLI interface; it's the build and installation process itself.

The Fix

The fix adds a cooldown block to the pip package-ecosystem entry at the end of the configuration:

Before (Vulnerable)

version: 2
updates:
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: monthly

After (Secure)

version: 2
updates:
  - package-ecosystem: pip
    directory: /
    schedule:
      interval: monthly
    cooldown:
      default-days: 7

How This Solves the Problem

The cooldown block with default-days: 7 instructs Dependabot to wait 7 days after a new package version is published before proposing an update. This 7-day buffer provides:

  1. Community vetting time: Security researchers and users can discover and report malicious packages
  2. Registry response window: PyPI can remove compromised packages
  3. Stability verification: Unstable releases often get patched within the first week
  4. Alert propagation: Security advisories have time to reach monitoring tools

The change is minimal—just 2 lines of YAML—but it fundamentally shifts the security posture from "trust immediately" to "trust after verification period."

Prevention & Best Practices

Immediate Actions

  1. Audit all dependabot.yml files in your organization for missing cooldown configurations
  2. Set cooldown periods appropriate to your risk tolerance:
    - default-days: 7 for most projects (recommended minimum)
    - default-days: 14 for high-security environments
    - default-days: 30 for critical infrastructure

Configuration Template

Use this secure template for new Dependabot configurations:

version: 2
updates:
  - package-ecosystem: pip  # or npm, maven, etc.
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 7
    open-pull-requests-limit: 5

Additional Supply Chain Protections

  • Enable Dependabot security alerts for vulnerability notifications
  • Use lock files (requirements.txt with pinned versions, package-lock.json)
  • Implement dependency review in your CI/CD pipeline
  • Consider private registries for sensitive projects
  • Sign commits on dependency update PRs

Detection Tools

  • Semgrep: Use rules like package_managers.dependabot.dependabot-missing-cooldown to scan configurations
  • GitHub Advanced Security: Enables dependency review and secret scanning
  • OSSF Scorecard: Evaluates repository security practices

Key Takeaways

  • The pip ecosystem configuration at line 5 lacked any cooldown protection, making it vulnerable to immediate malicious package proposals
  • A 7-day cooldown period is the minimum recommended buffer for supply chain security in Dependabot configurations
  • Supply chain attacks bypass application-level security controls—they execute during installation, not runtime
  • Two lines of YAML (cooldown: and default-days: 7) provide significant protection against newly-published malicious packages
  • Every package-ecosystem entry needs its own cooldown block—this isn't inherited or global

How Orbis AppSec Detected This

  • Source: The .github/dependabot.yml configuration file defining automated dependency updates
  • Sink: The package-ecosystem: pip entry at line 5 that triggers immediate update proposals to PyPI packages
  • Missing control: No cooldown block to delay proposals for newly published package versions
  • CWE: CWE-1104 (Use of Unmaintained Third Party Components)
  • Fix: Added cooldown: default-days: 7 to the pip package-ecosystem entry, creating a 7-day buffer before new versions are proposed

Orbis AppSec automatically detected this vulnerability and opened a pull request with the fix. Try Orbis AppSec on your repositories to find and fix issues like this automatically.

Conclusion

Supply chain security isn't just about scanning your code—it's about controlling how external dependencies enter your project. This missing Dependabot cooldown in .github/dependabot.yml represented a high-severity gap that could have allowed malicious packages to be proposed immediately after publication.

The fix was simple: two lines of YAML adding a 7-day cooldown period. But the security improvement is substantial—providing a critical buffer for the community to identify and report compromised packages before they reach your repository.

Review your Dependabot configurations today. If you're missing cooldown periods, you're accepting unnecessary supply chain risk.

References

Frequently Asked Questions

What is a missing Dependabot cooldown vulnerability?

It's a configuration weakness where Dependabot immediately proposes updates to newly published package versions without waiting for community vetting, potentially exposing projects to malicious or unstable dependencies.

How do you prevent missing Dependabot cooldown in GitHub Actions?

Add a `cooldown` block with `default-days: 7` (or more) to each `package-ecosystem` entry in your `.github/dependabot.yml` file to delay update proposals for newly published versions.

What CWE is missing Dependabot cooldown?

CWE-1104 (Use of Unmaintained Third Party Components) is the most applicable CWE, as it relates to risks from third-party dependency management without proper vetting controls.

Is reviewing PR descriptions enough to prevent supply chain attacks?

No, manual review alone is insufficient because malicious packages can appear legitimate. A cooldown period provides time for the security community to identify and report compromised packages before they reach your project.

Can static analysis detect missing Dependabot cooldown?

Yes, tools like Semgrep can detect this misconfiguration by scanning `.github/dependabot.yml` files for missing `cooldown` blocks in package-ecosystem entries.

View the Security Fix

Check out the pull request that fixed this vulnerability

View PR #771

Related Articles

high

How Server-Sent Events Injection via Unsanitized Newlines happens in Node.js h3 and how to fix it

A high-severity Server-Sent Events (SSE) injection vulnerability (CVE-2026-33128) was discovered in the h3 HTTP framework, where unsanitized newline characters in event stream fields could allow attackers to inject arbitrary SSE messages. The fix upgrades h3 from version 1.15.5 to 1.15.6 in the frontend's dependency tree, ensuring that newline characters are properly sanitized before being written to event streams.

high

How Memory Exhaustion via Large Comma-Separated Selector Lists happens in Python Soup Sieve and how to fix it

A high-severity memory exhaustion vulnerability (CVE-2026-49476) was discovered in Soup Sieve version 2.8.3, affecting Python applications that parse CSS selectors from user-controlled input. The vulnerability allows attackers to craft malicious selector lists that consume excessive memory, potentially causing denial of service. The fix involves upgrading to soupsieve 2.8.4, which implements proper resource limits on selector parsing.

high

How prototype pollution via `__proto__` key happens in Node.js defu and how to fix it

A high-severity prototype pollution vulnerability (CVE-2026-35209) was discovered in the `defu` package version 6.1.4, which allowed attackers to inject properties into JavaScript's `Object.prototype` via the `__proto__` key in defaults arguments. The fix upgrades `defu` to version 6.1.5 in the frontend's dependency tree, protecting downstream consumers like `c12` and `dotenv` configuration loaders from malicious property injection.

critical

How buffer overflow in memcpy() happens in Node.js N-API bindings and how to fix it

A critical buffer overflow vulnerability was discovered in the GetBufferAsVector() function in examples_nodejs/src/zupt_napi.cpp, where memcpy() copied data from JavaScript Uint8Array buffers without proper bounds validation. This vulnerability could allow attackers to trigger memory corruption by providing maliciously crafted input arrays to the native Node.js module, potentially leading to crashes or arbitrary code execution.

high

How memory exhaustion via large comma-separated selector lists happens in Python soupsieve and how to fix it

A high-severity memory exhaustion vulnerability (CVE-2026-49476) was discovered in soupsieve 2.8.3, a CSS selector library used by BeautifulSoup in Python. An attacker who could influence CSS selector input could craft large comma-separated selector lists to exhaust system memory, causing denial of service. The fix upgrades soupsieve from 2.8.3 to 2.8.4 in the backend's `uv.lock` dependency file.

high

How buffer overflow from unsafe string copy functions happens in C network interface code and how to fix it

A high-severity buffer overflow vulnerability was discovered in `generic/eth-impl.c`, where unsafe `strncpy()` and `sprintf()` calls could write beyond buffer boundaries when handling network interface names and device filenames. The fix replaced these dangerous functions with bounded `snprintf()` calls that guarantee null-termination and prevent memory corruption.