CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48938 – Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
https://notcve.org/view.php?id=CVE-2025-48938
30 May 2025 — go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without u... • https://github.com/cli/go-gh/blob/61bf393cf4aeea6d00a6251390f5f67f5b67e727/pkg/browser/browser.go • CWE-501: Trust Boundary Violation •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-25204 – `gh attestation verify` returns incorrect exit code during verification if no attestations are present
https://notcve.org/view.php?id=CVE-2025-25204
14 Feb 2025 — `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This behavior is incorrect: When no attestations are present, `gh attestation verify` should return a non-zero exit status code, thereby signaling verification failure. An attacker can abuse this flaw to, for example, deploy malicious artif... • https://github.com/cli/cli/issues/10418 • CWE-390: Detection of Error Condition Without Action •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54132 – GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-54132
04 Dec 2024 — The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting fi... • https://github.com/cli/cli/commit/1136764c369aaf0cae4ec2ee09dc35d871076932 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53858 – Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli
https://notcve.org/view.php?id=CVE-2024-53858
27 Nov 2024 — The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, and `gh pr checkout`. These GitHub CLI commands invoke git with instructions to retrieve authentication... • https://git-scm.com/docs/gitcredentials • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53859 – go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace
https://notcve.org/view.php?id=CVE-2024-53859
27 Nov 2024 — go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` sources authentication tokens from different environment variables depending on the host involved: 1. `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com and 2. `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Serv... • https://docs.github.com/en/apps/using-github-apps/reviewing-and-revoking-authorization-of-github-apps#reviewing-your-authorized-github-apps • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52308 – Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
https://notcve.org/view.php?id=CVE-2024-52308
14 Nov 2024 — The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image]( https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-... https://docs.git... • https://github.com/cli/cli/security/advisories/GHSA-p2h2-3vg9-4p87 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.1EPSS: 9%CPEs: 1EXPL: 2CVE-2021-43837 – Template injection in vault-cli
https://notcve.org/view.php?id=CVE-2021-43837
16 Dec 2021 — vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. In versions before 3.0.0 vault-cli features the ability for rendering templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. • https://github.com/peopledoc/vault-cli/commit/3ba3955887fd6b7d4d646c8b260f21cebf5db852 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29504 – Improper Certificate Validation in WP-CLI framework
https://notcve.org/view.php?id=CVE-2021-29504
07 Jun 2021 — WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI i... • https://github.com/wp-cli/checksum-command/pull/86 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24087 – Azure IoT CLI extension Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-24087
25 Feb 2021 — Azure IoT CLI extension Elevation of Privilege Vulnerability Una Vulnerabilidad de Elevación de Privilegios en la extensión de la CLI Azure IoT • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-7633
https://notcve.org/view.php?id=CVE-2020-7633
06 Apr 2020 — apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument. apiconnect-cli-plugins versiones hasta 6.0.1, es vulnerable a una Inyección de Comandos. Permite una ejecución de comandos arbitrarios por medio del argumento pluginUri. • https://openbase.io/js/apiconnect-cli-plugins • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •