CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

DEBIAN-CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

UBUNTU-CVE-2026-45803

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection

gh is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerabilit...

CVE-2026-45803

GitHub CLI (gh) vulnerability: from v1.6.0 to before v2.92.0, terminal escape sequences could be injected via workflow logs when using gh run view --log or --log-failed, due to unsanitized raw log output. An attacker controlling Actions logs (e.g., PR-triggered workflows) could cause terminal man...

PT-2026-41313

Name of the Vulnerable Software and Affected Versions gh versions 1.6.0 through 2.91.x Description GitHub CLI allows terminal escape sequence injection when users view GitHub Actions workflow logs. The issue occurs because the 'gh run view --log' and 'gh run view --log-failed' commands stream...

CVE-2026-45803

creationtimestamp| type| source ---|---|--- 2026-05-13 15:20:46+00:00| published-proof-of-concept| https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57...

GHSA-PMWQ-PJRM-6P5R vulnerabilities

Vulnerabilities for packages: trivy, spire-server-fips, falcoctl, crossplane-fips, image-factory-fips, skaffold-fips, ratify, trivy-fips, ko-fips, chainloop-cli-fips, docker-compose-fips, kyverno-policy-reporter-plugins-kyverno-fips, kyverno-fips, ko, policy-controller-fips, rekor-fips, tkn,...

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13

CVE-2026-24117 affecting package gh for versions less than 2.62.0-13. A patched version of the package is available...

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26

CVE-2025-47911 affecting package gh for versions less than 2.13.0-26. A patched version of the package is available...

Ubuntu: Security Advisory (USN-8012-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 24.04 LTS : GitHub CLI vulnerabilities (USN-8012-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8012-1 advisory. It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An...

USN-8012-1: GitHub CLI vulnerabilities

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...

USN-8012-1 gh vulnerabilities

It was discovered that GitHub CLI could behave unexpectedly if users downloaded a malicious GitHub Actions workflow artifact through gh run download. An attacker could possibly use this issue to create or overwrite files in unintended directories. CVE-2024-54132 It was discovered that GitHub CLI...

CVE-2026-24117 vulnerabilities

Vulnerabilities for packages: kyverno, spire-server, kyverno-notation-aws, zarf, trivy-operator, trivy, witness, zot, skaffold, kubescape, tflint, gitsign, aactl, slsa-verifier, buildkitd, crossplane, ratify, falcoctl, neuvector-sigstore-interface, tkn, goreleaser, policy-controller, ko, cosign,...

Azure Linux 3.0 Security Update: gh (CVE-2025-48938)

The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48938 advisory. - go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has...

AZL-69200 CVE-2025-58183 affecting package gh for versions less than 2.62.0-10

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

EUVD-2024-3409

Malicious code in bioql PyPI...

EUVD-2024-3397

Malicious code in bioql PyPI...

EUVD-2025-16493

Malicious code in bioql PyPI...