383 matches found
MAL-2025-2607 Malicious code in gh-find-current-pr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gh-find-current-pr (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0aba54c4eb36c259689cdca7db5a45c0b6cd53c7a27670e8a557c3b802afd97f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Ubuntu: Security Advisory (USN-7362-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7362-1 golang-github-cli-go-gh-v2 vulnerability
It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. CVE-2024-53859...
Ubuntu 24.04 LTS / 24.10 : go-gh vulnerability (USN-7362-1)
The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7362-1 advisory. It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wro...
CVE-2025-22869 affecting package gh for versions less than 2.62.0-7
CVE-2025-22869 affecting package gh for versions less than 2.62.0-7. A patched version of the package is available...
CVE-2025-25204 affecting package gh for versions less than 2.62.0-6
CVE-2025-25204 affecting package gh for versions less than 2.62.0-6. A patched version of the package is available...
CVE-2025-27144 affecting package gh for versions less than 2.62.0-7
CVE-2025-27144 affecting package gh for versions less than 2.62.0-7. A patched version of the package is available...
MAL-2025-2258 Malicious code in gh-node-module-generatebom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in gh-node-module-generatebom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a04173cc21773450d4bd86768588db1893acb72fbc0336681a1370f3c7e8e781 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux Distros Unpatched Vulnerability : CVE-2024-53859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-gh is a Go module for interacting with the gh utility and the GitHub API from the command line. A security vulnerability has been identified in go-gh that...
AZL-57353 CVE-2025-22869 affecting package gh for versions less than 2.62.0-7
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
GHSA-FGW4-V983-MGP8 vulnerabilities
Vulnerabilities for packages: gh...
`gh attestation verify` returns incorrect exit code during verification if no attestations are present
Summary A bug in GitHub's Artifact Attestation CLI tool, gh attestation verify, may return an incorrect zero exit status when no matching attestations are found for the specified --predicate-type or the default https://slsa.dev/provenance/v1 if not specified. This issue only arises if an artifact...
AZL-56885 CVE-2025-25204 affecting package gh for versions less than 2.62.0-6
gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...
CVE-2025-25204 vulnerabilities
Vulnerabilities for packages: gh...
CVE-2025-25204 vulnerabilities
Vulnerabilities for packages: gh...
go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
...
CVE-2024-53858 affecting package gh for versions less than 2.62.0-5
CVE-2024-53858 affecting package gh for versions less than 2.62.0-5. A patched version of the package is available...
Security update for gh (important)
openSUSE Security Update: Security update for gh Announcement ID: openSUSE-SU-2025:0021-1 Rating: important References: 1233387 Cross-References: CVE-2024-52308 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This update for g...