5 matches found
EUVD-2026-38790
Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...
PT-2026-51788
Name of the Vulnerable Software and Affected Versions: Google Gemini CLI versions prior to 0.39.1; run-gemini-cli GitHub Action versions prior to 0.1.22. Description: An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...
CVE-2025-63737
Cross-site scripting (XSS) vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...
Malicious code in shopify-cli-action (npm)
Source: ghsa-malware (1ac026a9813f5990782498aebf88f964c1acd7c6eaecf867c37ee7e04e77fa5b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6096 Malicious code in shopify-cli-action (npm)
Source: ghsa-malware (1ac026a9813f5990782498aebf88f964c1acd7c6eaecf867c37ee7e04e77fa5b). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...