HIGH 8.0 CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
from 0, < 2.62.0
HIGH 7.4 CVE-2026-48501 GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
from 0, < 2.93.0
MEDIUM 6.5 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
from 0, < 2.63.0
MEDIUM 6.3 `gh attestation verify` returns incorrect exit code during verification if no attestations are present in github.com/cli/cli
>= 2.49.0, < 2.67.0
LOW 3.5 GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
from 0, < 2.92.0
— Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
from 0, < 2.63.1