| CVE-2026-48501 |
critical |
9.1 |
9.1 |
|
|
|
5d ago |
GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release … |
| CVE-2026-45803 |
low |
3.5 |
3.5 |
|
|
|
19d ago |
`gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users vie… |
| CVE-2025-25204 |
unknown |
— |
— |
|
|
|
1y ago |
`gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` … |
| CVE-2024-54132 |
unknown |
— |
— |
|
|
|
2y ago |
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a … |
| CVE-2024-53858 |
unknown |
— |
— |
|
|
|
2y ago |
The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` subm… |
| CVE-2024-52308 |
unknown |
— |
— |
|
|
|
2y ago |
The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been … |
