According to a report from Endor Labs, the utility is used in over 23,000 GitHub repositories. The compromised action could impact thousands of CI pipelines, the report said.