Lucene search
+L

36 matches found

nessus
nessus
added 6 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-59831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitHub CLI gh is GitHub's official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow comman...

4.4CVSS6.2AI score0.00198EPSS
Exploits0References3
nvd
nvd
added last week5 views

CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS0.00198EPSS
Exploits0References3
osv
osv
added last week4 views

UBUNTU-CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.2AI score0.00198EPSS
Exploits0References5
osv
osv
added last week4 views

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.2AI score0.00198EPSS
Exploits0References5
attackerkb
attackerkb
added last week7 views

CVE-2026-59831

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References4Affected Software1
cve
cve
added last week12 views

CVE-2026-59831

Summary: CVE-2026-59831 affects GitHub CLI (gh) prior to 2.96.0. When using the command gh codespace jupyter, a malicious Codespace could supply a JupyterLab URL to the process inside the Codespace without validating that it is a loopback address, enabling a crafted vscode:// or vscode-insiders:/...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References3
cvelist
cvelist
added last week38 views

CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace

GitHub CLI gh is GitHub’s official command line tool. From 2.10.0 through 2.95.0, connecting to a malicious Codespace with gh codespace jupyter can allow command execution because the command opens a JupyterLab URL supplied by a process inside the Codespace without validating that it is a loopbac...

4.4CVSS0.00198EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.11 views

PT-2026-57006

Name of the Vulnerable Software and Affected Versions GitHub CLI gh versions 2.10.0 through 2.95.0 Description Connecting to a malicious Codespace using the gh codespace jupyter command can lead to command execution. This occurs because the tool opens a JupyterLab URL provided by a process within...

4.4CVSS6.1AI score0.00198EPSS
Exploits0References6
snyk
snyk
added 2026/05/29 5:16 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

9.1CVSS5.4AI score0.00289EPSS
Exploits0References2
snyk
snyk
added 2026/05/29 5:16 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

9.1CVSS5.4AI score0.00289EPSS
Exploits0References2
nessus
nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: gh (CVE-2024-52308)

The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52308 advisory. - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace S...

9.6CVSS7.1AI score0.00861EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/10/16 4:1 p.m.6 views

CVE-2025-62379

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirectto query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1CVSS7.2AI score0.00236EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/10/15 3:57 p.m.2 views

CVE-2025-62379 Open Redirect in reflex-dev/reflex

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirectto query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1CVSS6.9AI score0.00236EPSS
Exploits0References2
cvelist
cvelist
added 2025/10/15 3:57 p.m.13 views

CVE-2025-62379 Open Redirect in reflex-dev/reflex

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirectto query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1CVSS0.00236EPSS
Exploits0References2
cve
cve
added 2025/10/15 3:57 p.m.19 views

CVE-2025-62379

Reflex (Python web app framework) versions 0.5.4–0.8.14 contain an Open Redirect in the /auth-codespace route: the redirect_to query parameter is assigned directly to client-side links without validation, triggering automatic navigation, which can redirect users to arbitrary external URLs. The vu...

3.1CVSS6.9AI score0.00236EPSS
Exploits0References2
osv
osv
added 2025/10/15 3:57 p.m.7 views

CVE-2025-62379 Open Redirect in reflex-dev/reflex

Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirectto query parameter value directly to client-side links without any validation and triggers automatic clicks when the page loads in a...

3.1CVSS7.3AI score0.00236EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3287

Malicious code in bioql PyPI...

9.6CVSS9.2AI score0.00861EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3396

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00534EPSS
Exploits0References9
mscve
mscve
added 2025/01/30 8:0 a.m.6 views

go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace

...

7.5CVSS6.3AI score0.00534EPSS
Exploits0
veracode
veracode
added 2024/12/23 3:8 p.m.11 views

Authentication Token Leakage

github.com/cli/go-gh is vulnerable to authentication token leakage. The vulnerability is due to improper handling of authentication tokens, where auth.TokenForHost could source a token from the GITHUBTOKEN environment variable for non-GitHub hosts within a codespace...

7.5CVSS6.8AI score0.00534EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder