
9 matches found

EUVD
added 2026/05/19 7:37 p.m., 15 views

EUVD-2026-30549

GitHub CLI: GitHub Actions log output in gh run view allows terminal escape sequence injection...

CVSS 3.5, AI score 5.8, EPSS 0.002
Exploits: 1, References: 2

Veracode
added 2025/06/03 4:48 a.m., 3 views

Arbitrary Command Execution

github.com/cli/go-gh is vulnerable to Arbitrary command execution. The vulnerability is due to unsafe handling of GitHub-provided URLs, allowing an attacker-controlled GitHub Enterprise Server to replace HTTP URLs with local file paths that could be executed on the user's machine...

CVSS 9.8, AI score 6.3, EPSS 0.00429
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2025/05/30 6:45 p.m., 9 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 6.5, AI score 6.7, EPSS 0.00429
Exploits: 0, References: 3

Veracode
added 2024/12/23 12:22 p.m., 13 views

Authentication Token Leakage

github.com/cli/cli is vulnerable to authentication token leakage. The vulnerability is due to improper handling of the credential.helper configuration when cloning repositories with git submodules hosted outside of GitHub.com and ghe.com, causing authentication tokens to be exposed...

CVSS 6.5, AI score 6.9, EPSS 0.00281
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2024/12/21 12:0 a.m., 8 views

CBL Mariner 2.0 Security Update: gh (CVE-2024-54132)

The version of gh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-54132 advisory. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CL...

CVSS 6.3, AI score 5.5, EPSS 0.0062
Exploits: 0, References: 2

OSV
added 2024/12/04 4:15 p.m., 2 views

DEBIAN-CVE-2024-54132

The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from ...

CVSS 6.3, AI score 5.3, EPSS 0.0062
Exploits: 0, References: 1

CNNVD
added 2024/12/04 12:0 a.m., 4 views

GitHub CLI Path Traversal Vulnerability

GitHub CLI is GitHub's open-source command-line tool. A path traversal vulnerability exists in GitHub CLI version 2.63.0 and earlier, which stems from the possibility that files may be created or overwritten in unintended directories when a user downloads a malicious GitHub...

CVSS 6.3, AI score 6.5, EPSS 0.0062
Exploits: 0, References: 2

Positive Technologies
added 2024/11/27 12:0 a.m., 3 views

PT-2024-35955

Name of the Vulnerable Software and Affected Versions: GitHub CLI versions prior to 2.63.0 Description: A security issue has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing git submodules hosted outside of GitHub.com and ghe.com. This...

CVSS 8.1, AI score 7.3, EPSS 0.03001
Exploits: 3, References: 42

Tenable Nessus
added 2024/11/26 12:0 a.m., 13 views

Ubuntu 24.04 LTS / 24.10 : GitHub CLI vulnerability (USN-7130-1)

The remote Ubuntu 24.04 LTS / 24.10 host has a package installed that is affected by a vulnerability as referenced in the USN-7130-1 advisory. It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if t...

CVSS 9.6, AI score 9.1, EPSS 0.00861
Exploits: 0, References: 2