Cli Go-Gh vulnerabilities

CVE-2025-48938 [LOW] CWE-501 CVE-2025-48938: go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulne go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing.

CVE-2024-53859 [HIGH] CWE-200 CVE-2024-53859: go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` sources authentication tokens from different environment variables depending on