A newly discovered security flaw in GitHub allows leveraging GitHub Actions to bypass the required reviews mechanism and push unreviewed code to a protected branch, potentially allowing malicious code to be used by other users or flow down the pipeline to production.
Link to the original post on Medium:
https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7