119 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-3287

Malicious code in bioql PyPI...

CVSS 9.6, AI score 9.2, EPSS 0.00861
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-4090

Malicious code in bioql PyPI...

CVSS 6.3, AI score 6.4, EPSS 0.00375
Exploits: 0, References: 4

Microsoft CVE
added 2025/08/06 7:0 a.m., 2 views

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

...

CVSS 9.8, AI score 7, EPSS 0.00429
Exploits: 0

OSV
added 2025/06/03 5:28 p.m., 2 views

GO-2025-3732 GitHub CLI and extensions can execute arbitrary commands on compromised GitHub Enterprise Server in github.com/cli/go-gh

GitHub CLI and extensions can execute arbitrary commands on compromised GitHub Enterprise Server in github.com/cli/go-gh...

CVSS 9.8, AI score 8, EPSS 0.00429
Exploits: 0, References: 2

Veracode
added 2025/06/03 4:48 a.m., 2 views

Arbitrary Command Execution

github.com/cli/go-gh is vulnerable to Arbitrary command execution. The vulnerability is due to unsafe handling of GitHub-provided URLs, allowing an attacker-controlled GitHub Enterprise Server to replace HTTP URLs with local file paths that could be executed on the user's machine...

CVSS 9.8, AI score 6.3, EPSS 0.00429
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/05/30 6:45 p.m., 14 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 6.5, EPSS 0.00429
Exploits: 0, References: 3

Vulnrichment
added 2025/05/30 6:45 p.m., 9 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 6.5, AI score 6.7, EPSS 0.00429
Exploits: 0, References: 3

Debian CVE
added 2025/05/30 6:45 p.m., 7 views

CVE-2025-48938

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 9.8, AI score 5.6, EPSS 0.00429
Exploits: 0

OSV
added 2025/05/30 6:45 p.m., 5 views

CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...

CVSS 6.5, AI score 6.5, EPSS 0.00429
Exploits: 0, References: 5

OSV
added 2025/05/30 3:30 p.m., 2 views

GHSA-G9F5-X53J-H563 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...

CVSS 9.8, AI score 7.6, EPSS 0.00429
Exploits: 0, References: 4

GitHub Security Blog
added 2025/05/30 3:30 p.m., 13 views

Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server

Summary A security vulnerability has been identified in go-gh where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. Details The GitHub CLI and CLI...

CVSS 9.8, AI score 7.6, EPSS 0.00429
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2025/05/30 12:0 a.m., 4 views

go-gh security vulnerability

go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. A security vulnerability exists in go-gh versions prior to 2.12.1, which stems from an attacker-controlled GitHub Enterprise Server could lead to the executi...

CVSS 9.8, AI score 6.8, EPSS 0.00429
Exploits: 0, References: 4

OSV
added 2025/05/26 12:0 a.m., 3 views

OPENSUSE-SU-2025:15158-1 gh-2.73.0-1.1 on GA media

These are all security issues fixed in the gh-2.73.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.7, AI score 6.8, EPSS 0.00369
Exploits: 0, References: 1

OpenVAS
added 2025/03/21 12:0 a.m., 7 views

Ubuntu: Security Advisory (USN-7362-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.7, EPSS 0.00534
Exploits: 0, References: 2

Tenable Nessus
added 2025/03/06 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-52308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using gh codespace ssh or gh...

CVSS 9.6, AI score 9.2, EPSS 0.00861
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/06 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2024-54132

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in...

CVSS 6.3, AI score 5.3, EPSS 0.0062
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/06 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-53858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The gh cli is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when...

CVSS 6.5, AI score 8.2, EPSS 0.00281
Exploits: 0, References: 3

OSV
added 2025/03/03 7:22 p.m., 9 views

GO-2025-3467 `gh attestation verify` returns incorrect exit code during verification if no attestations are present in github.com/cli/cli

gh attestation verify returns incorrect exit code during verification if no attestations are present in github.com/cli/cli...

CVSS 6.3, AI score 6.3, EPSS 0.00375
Exploits: 0, References: 4

RedhatCVE
added 2025/02/14 6:52 p.m., 10 views

CVE-2025-25204

gh is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool gh attestation verify causes it to return a zero exit status when no attestations are present. This behavior is incorrect:...

CVSS 6.3, AI score 6.3, EPSS 0.00375
Exploits: 0, References: 6

CVE
added 2025/02/14 4:38 p.m., 292 views

CVE-2025-25204

The CVE-2025-25204 issue affects GitHub CLI (gh) where, in versions 2.49.0 through 2.66.x, a bug in the Artifact Attestation tool gh attestation verify causes a zero exit status when no attestations are present. This incorrect exit code can enable attackers to deploy malicious artifacts in enviro...

CVSS 6.3, AI score 7, EPSS 0.00375
Exploits: 0, References: 3