CVE-2024-53859

The CVE-2024-53859 issue affects the go-gh Go module used to interact with gh and GitHub, where auth.TokenForHost could pull a token from GITHUB_TOKEN (or GH_TOKEN) for non‑GitHub hosts when running in a codespace prior to version 2.11.1. In 2.11.1, token sourcing is restricted to GitHub.com or g...

CVE-2025-48938

The CVE-2025-48938 issue affects go-gh (Go modules for GitHub CLI extensions). In affected versions before 2.12.1, an attacker-controlled GitHub Enterprise Server could cause arbitrary commands to run on a user’s machine by substituting HTTP URLs from GitHub with local file paths during browsing....