Skip to main content

Cli

6 CVEs product

Monthly

CVE-2026-59831 MEDIUM This Month

Command execution via URI injection in GitHub CLI's `gh codespace jupyter` subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted `vscode://` or `vscode-insiders://` URI. No public exploit has been identified at time of analysis and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, but the scope-change characteristic (S:C) means local VS Code extension execution is a realistic downstream impact.

Information Disclosure Cli
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2026-56236 npm MEDIUM PATCH This Month

Symlink-following vulnerabilities in Capgo CLI before version 12.128.2 (npm @capgo/cli < 7.84.6) allow an attacker who controls a repository to overwrite arbitrary files on a developer's machine and expose sensitive signing credentials when the developer runs CLI login or build credential operations inside that repository. Three distinct issues are present: unsafe writeFileSync on .capgo and .capgo-credentials.json without symlink validation, and global credential files written with world-readable 664 permissions instead of the required 0600. A proof-of-concept demonstrating the .capgo clobber is publicly documented in the GitHub Security Advisory GHSA-8mpm-q7mh-8fvh. No CISA KEV listing exists at time of analysis, but exploitability is straightforward given the PoC and low attack complexity.

Information Disclosure Cli
NVD GitHub VulDB
CVSS 4.0
6.8
EPSS
0.1%
CVE-2026-45803 Go LOW PATCH GHSA Monitor

Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.

Code Injection Cli
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2024-52308 Go CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2022-40764 npm HIGH POC PATCH This Week

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Node.js Cli Golang Cli
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2014-3342 MEDIUM This Month

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure Cli Ios Xr
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

Command execution via URI injection in GitHub CLI's `gh codespace jupyter` subcommand (versions 2.10.0-2.95.0) allows an attacker who controls a Codespace to redirect a connecting developer's VS Code instance into executing arbitrary protocol handler actions. The CLI passes a JupyterLab URL sourced from a process inside the Codespace directly to the OS without validating that the URL is a loopback HTTP or HTTPS address, enabling substitution with a crafted `vscode://` or `vscode-insiders://` URI. No public exploit has been identified at time of analysis and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog, but the scope-change characteristic (S:C) means local VS Code extension execution is a realistic downstream impact.

Information Disclosure Cli
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Symlink-following vulnerabilities in Capgo CLI before version 12.128.2 (npm @capgo/cli < 7.84.6) allow an attacker who controls a repository to overwrite arbitrary files on a developer's machine and expose sensitive signing credentials when the developer runs CLI login or build credential operations inside that repository. Three distinct issues are present: unsafe writeFileSync on .capgo and .capgo-credentials.json without symlink validation, and global credential files written with world-readable 664 permissions instead of the required 0600. A proof-of-concept demonstrating the .capgo clobber is publicly documented in the GitHub Security Advisory GHSA-8mpm-q7mh-8fvh. No CISA KEV listing exists at time of analysis, but exploitability is straightforward given the PoC and low attack complexity.

Information Disclosure Cli
NVD GitHub VulDB
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Terminal escape sequence injection in GitHub CLI 1.6.0 through 2.91.x allows authenticated attackers with pull request creation rights to inject malicious terminal control sequences into Actions workflow logs. When victims execute 'gh run view --log' or 'gh run view --log-failed' to inspect workflow runs, unsanitized escape sequences replay in their terminal, enabling window title manipulation, on-screen content alteration, or arbitrary command execution in vulnerable emulators like GNU screen. The attack requires low complexity and user interaction (victim must view logs), with impact limited to terminal integrity. CVSS score of 3.5 reflects low-severity integrity impact, though real-world risk varies significantly by terminal emulator capabilities. No active exploitation confirmed at time of analysis.

Code Injection Cli
NVD GitHub VulDB
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Node.js Cli +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM This Month

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Cisco Information Disclosure +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy