27 matches found
Malicious code in @ikyyofc/gemini-cli (npm)
Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6. @ikyyofc/[email protected] ships two heavily obfuscated modules, src/gemini.js and src/utils/proxy.js, wrapped in an obfuscator.io-style string-array +...
CVE-2026-44902 vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, gemini-cli, librechat, langfuse...
GHSA-Q7RR-3CGH-J5R3 vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, gemini-cli, librechat, langfuse...
CVE-2026-42338 vulnerabilities
Vulnerabilities for packages: lerna, kibana, code-server, opensearch-dashboards, gemini-cli, renovate, wazuh-dashboard-fips, saf, npm, tileserver-gl-fips, wazuh-dashboard, kubeflow-pipelines, opensearch-dashboards-fips, prism, langfuse-fips, actions-runner, librechat, pulumi, tileserver-gl,...
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise...
CVE-2026-41907 vulnerabilities
Vulnerabilities for packages: kibana, code-server, opensearch-dashboards, kubeflow-centraldashboard, argo-workflows, gemini-cli, dbgate, renovate, wazuh-dashboard-fips, npm, saf, wazuh-dashboard, jitsucom-jitsu, kubeflow-pipelines, opensearch-dashboards-fips, prism, langfuse-fips, actions-runner,...
GHSA-WPQR-6V78-JR5G vulnerabilities
Vulnerabilities for packages: gemini-cli...
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerability allowed an...
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary: Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in particular when used in untrusted environments such as GitHub Actions. This update introduces a breaking change to how non-interactive headless environment...
@13w/local-rag (=2.0.0), @amodalai/cli (>=0.1.0 <=0.1.1) +29 more potentially affected by unknown CVE via @google/gemini-cli (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e)
@google/gemini-cli NPM version =0.11.3, =0.1.0, =0.1.5, =0.1.0, =1.0.0, =0.0.17, =0.6.4, =0.0.1, =1.3.0, =1.0.0, =2.0.0 - @vibe-forge/client =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-GOOGLEGEMINICLI-16301693...
Command Injection
Overview: @google/gemini-cli is the Gemini CLI. Affected versions of this package are vulnerable to Command Injection via the processing of untrusted workspace folders in headless mode and the handling of tool allowlisting under --yolo mode. An attacker can execute arbitrary code by submitting...
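The Snyk entry above gives the affected @google/gemini-cli range (>=0.11.3 <=0.39.0-nightly.20260411.0957f7d3e) and the two malicious-package listings on this page give lookalike names (@ikyyofc/gemini-cli, gemini-cli-vscode-ide-companion). The script below is an added example by the editor, not code from Google, Snyk or Amazon Inspector: it walks an npm package-lock.json (lockfileVersion 2 or 3 "packages" map) and flags both conditions. The lockfile contents and the "demo" project name are constructed for the example; the version bounds are copied literally from the listing, so a hit on a 0.39.0 release build is not asserted here and the fixed version should be confirmed against the advisory itself.

```python
"""Audit a package-lock.json for the Gemini CLI findings listed on this page.

Editor's example, not advisory-supplied code. Bounds are taken from the
Snyk entry above; malicious names from the two Amazon Inspector entries.
"""
import re

VULN_PKG = "@google/gemini-cli"
VULN_MIN = "0.11.3"                               # inclusive lower bound (from listing)
VULN_MAX = "0.39.0-nightly.20260411.0957f7d3e"    # inclusive upper bound (from listing)
MALICIOUS = {"@ikyyofc/gemini-cli", "gemini-cli-vscode-ide-companion"}

# core version plus optional prerelease; build metadata is ignored per semver
_SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$")


def parse(version):
    """Return (core_tuple, prerelease_ids); numeric ids become ints."""
    m = _SEMVER.match(version.strip().lstrip("v"))
    if not m:
        raise ValueError(f"not a semver string: {version!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = m.group(4)
    ids = [] if pre is None else [int(p) if p.isdigit() else p for p in pre.split(".")]
    return core, ids


def compare(a, b):
    """Semver compare: -1, 0 or 1. A release sorts above any prerelease of the same core."""
    core_a, pre_a = parse(a)
    core_b, pre_b = parse(b)
    if core_a != core_b:
        return -1 if core_a < core_b else 1
    if not pre_a and not pre_b:
        return 0
    if not pre_a:
        return 1
    if not pre_b:
        return -1
    for x, y in zip(pre_a, pre_b):
        if x == y:
            continue
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):      # numeric identifiers sort before alphanumeric ones
            return -1
        if isinstance(y, int):
            return 1
        return -1 if x < y else 1
    return (len(pre_a) > len(pre_b)) - (len(pre_a) < len(pre_b))


def in_vulnerable_range(version):
    """True when VULN_MIN <= version <= VULN_MAX (the range quoted on this page)."""
    return compare(version, VULN_MIN) >= 0 and compare(version, VULN_MAX) <= 0


def audit_lockfile(lock):
    """Return finding strings for malicious names and in-range @google/gemini-cli."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:                           # "" is the root project entry
            continue
        name = meta.get("name") or path.split("node_modules/")[-1]
        version = meta.get("version", "")
        if name in MALICIOUS:
            findings.append(f"MALICIOUS {name}@{version} ({path})")
        elif name == VULN_PKG and version and in_vulnerable_range(version):
            findings.append(f"VULNERABLE {name}@{version} ({path})")
    return findings


# Constructed sample lockfile (not a real project): one in-range Gemini CLI,
# one malicious lookalike, one unrelated package.
SAMPLE_LOCK = {
    "name": "demo",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/@google/gemini-cli": {"version": "0.38.0"},
        "node_modules/gemini-cli-vscode-ide-companion": {"version": "0.1.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}

if __name__ == "__main__":
    for line in audit_lockfile(SAMPLE_LOCK):
        print(line)
```

To run it against a real tree, replace SAMPLE_LOCK with `json.load(open("package-lock.json"))`; nested installs (node_modules/foo/node_modules/@google/gemini-cli) are handled because the name is taken from the last node_modules segment.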
MAL-2026-2764 Malicious code in gemini-cli-vscode-ide-companion (npm)
Source: amazon-inspector 6a98d87fa5f23a47c4b1ea2c0cecb3e88518985493c1b7f125299ecf8ee6dba1. The package gemini-cli-vscode-ide-companion was found to contain malicious code...
CVE-2026-39410 vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...
CVE-2026-39406 vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...
GHSA-26PP-8WGV-HJVM vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...
GHSA-XPCF-PG52-R92G vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...
GHSA-XF4J-XP2R-RQQX vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...
GHSA-R5RP-J6WH-RVV4 vulnerabilities
Vulnerabilities for packages: kibana, langfuse-fips, opensearch-dashboards, gemini-cli, librechat, opensearch-dashboards-fips, langfuse...