cvebase

github.com/cli_cli_v2 vulnerabilities

6 known vulnerabilities affecting github.com/cli_cli_v2.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2024-52308 | P2 | HIGH | ≥ 0, < 2.62.0 | 2024-11-14
CVE-2024-52308 [HIGH] CWE-77 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
### Summary
A security vulnerability has been identified in GitHub CLI that could allow remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the `gh codespace ssh` or `gh codespace logs` commands.
### Details
The vulnerability
ghsa, osv

CVE-2026-48501 | P3 | HIGH | ≥ 0, < 2.93.0 | 2026-05-29
CVE-2026-48501 [HIGH] CWE-863 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
### Summary
GitHub CLI incorrectly includes an authorization header in API requests to TUF repository mirrors via `gh atte
ghsa

CVE-2024-54132 | P3 | MEDIUM | ≥ 0, < 2.63.1 | 2024-12-04
CVE-2024-54132 [MEDIUM] CWE-22 Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
### Summary
A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`.
### Details
This vulnerability stems from a GitHu
ghsa, osv

CVE-2025-25204 | P3 | MEDIUM | ≥ 2.49.0, < 2.67.0 | 2025-02-14
CVE-2025-25204 [MEDIUM] CWE-390 `gh attestation verify` returns incorrect exit code during verification if no attestations are present
### Summary
A bug in GitHub's Artifact Attestation CLI tool, `gh attestation verify`, may return an incorrect zero exit status when no matching attestations are found for the specified `--predicate-type ` or the default `https://slsa.dev/provenance/v1` if not
ghsa, osv

CVE-2024-53858 | P4 | MEDIUM | ≥ 0, < 2.63.0 | 2024-11-27
CVE-2024-53858 [MEDIUM] CWE-200 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
### Summary
A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com.
### Details
This vulnerability stems from several `gh` commands used to clo
ghsa, osv

CVE-2026-45803 | P4 | LOW | ≥ 0, < 2.92.0 | 2026-05-19
CVE-2026-45803 [LOW] CWE-150 GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
### Summary
A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using `gh run view --log` or `gh run view --log-failed`.
### Details
The vulnerability stems from the way
ghsa