I wrote a small tool to help organizations analyze blast radius and figure out what repositories are potentially impacted.
https://www.npmjs.com/package/travis-org-vuln-scanner
You can run it as simply as ‘npx travis-org-vuln-scanner’.
Since it’s hard to understand from the announcement what the exact vulnerable window is, it’s not filtering anything by dates. The script will output repos that had Travis builds + env variables + forks, then print repo names + contact information of the top 3 contributors for each potentially impacted repository.