Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

cli — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in cli, with AI-generated Chinese analysis, references, and POCs.

This page aggregates Common Weakness Enumeration (CWE) vulnerabilities associated with the command-line interface product, categorized under software vulnerability tags for command-line tools. It compiles a comprehensive list of security issues affecting this software ecosystem, covering reports from 2015 to 2024 to provide a historical perspective on development stability and security response times. By exploring this aggregated data, users can efficiently track vendor advisories related to CLI applications, gain a deeper understanding of prevalent weakness classes within command-line environments, and lookup specific product vulnerability histories to assess long-term risk exposure. The collection focuses on high-impact flaws such as command injection, improper input validation, and privilege escalation errors that frequently impact end-user utility software. This resource is designed for security researchers, system administrators, and developers who require structured visibility into the threat landscape of command-line based products. It enables informed decision-making regarding patch management and security auditing processes. The data reflects publicly disclosed vulnerabilities that have been assigned identifiers and verified through standard reporting channels. Users can filter results by severity, release version, or specific weakness type to tailor their investigation. This centralization aims to reduce the time required to identify potential attack vectors and understand the evolution of security practices in command-line software development. The information presented is derived from official vendor notifications and independent security research disclosures, ensuring accuracy and reliability for professional use cases.

Vendor: npm

CVE IDTitleCVSSSeverityPublished
CVE-2026-59831 GitHub CLI `gh codespace jupyter` could allow remote code execution when connecting to a malicious Codespace CWE-829 4.4 Medium2026-07-09
CVE-2026-56236 Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations CWE-59 6.1 Medium2026-06-21
CVE-2026-48501 GitHub CLI tokens leak via `gh attestation` commands CWE-863 7.4 High2026-05-29
CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution CWE-78 7.8 High2026-05-27
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection CWE-150 3.5 Low2026-05-15
CVE-2026-29066 Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI CWE-552 6.2 Medium2026-03-12
CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS CWE-22 8.4 High2026-03-12
CVE-2026-28792 Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS CWE-22 9.7 Critical2026-03-12
CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability CWE-732 7.8 -2026-01-23
CVE-2025-25204 `gh attestation verify` returns incorrect exit code during verification if no attestations are present CWE-390 6.3 Medium2025-02-14
CVE-2024-54132 GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability CWE-22 6.5 -2024-12-04
CVE-2024-53858 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli CWE-200 6.5 Medium2024-11-27
CVE-2024-52308 Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer CWE-77 8.0 High2024-11-14
CVE-2021-41092 Docker CLI leaks private registry credentials to registry-1.docker.io CWE-200 5.4 Medium2021-10-04
CVE-2020-15095 Sensitive information exposure through logs in npm cli CWE-532 4.4 Medium2020-07-07
CVE-2019-16777 Arbitrary File Overwrite in npm CLI CWE-22 7.7 High2019-12-13
CVE-2019-16776 Unauthorized File Access in npm CLI before before version 6.13.3 CWE-22 7.7 High2019-12-13
CVE-2019-16775 Unauthorized File Access in npm CLI before before version 6.13.3 CWE-61 7.7 High2019-12-13

All 18 known CVE vulnerabilities affecting cli with full Chinese analysis, references, and POCs where available.