cli — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in cli, with AI-generated Chinese analysis, references, and POCs.

Vendor: npm

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-29066	Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI CWE-552	6.2	Medium	2026-03-12
CVE-2026-28793	Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS CWE-22	8.4	High	2026-03-12
CVE-2026-28792	Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS CWE-22	9.7	Critical	2026-03-12
CVE-2026-0775	npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability CWE-732	7.8	-	2026-01-23
CVE-2025-25204	`gh attestation verify` returns incorrect exit code during verification if no attestations are present CWE-390	6.3	Medium	2025-02-14
CVE-2024-54132	GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability CWE-22	6.5	-	2024-12-04
CVE-2024-53858	Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli CWE-200	6.5	Medium	2024-11-27
CVE-2024-52308	Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer CWE-77	8.0	High	2024-11-14
CVE-2021-41092	Docker CLI leaks private registry credentials to registry-1.docker.io CWE-200	5.4	Medium	2021-10-04
CVE-2020-15095	Sensitive information exposure through logs in npm cli CWE-532	4.4	Medium	2020-07-07
CVE-2019-16777	Arbitrary File Overwrite in npm CLI CWE-22	7.7	High	2019-12-13
CVE-2019-16776	Unauthorized File Access in npm CLI before before version 6.13.3 CWE-22	7.7	High	2019-12-13
CVE-2019-16775	Unauthorized File Access in npm CLI before before version 6.13.3 CWE-61	7.7	High	2019-12-13

All 13 known CVE vulnerabilities affecting cli with full Chinese analysis, references, and POCs where available.