Browse all 6 CVE security advisories affecting cli. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48938 | Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server — go-gh (CWE-501) | 9.8 (AI) | Critical (AI) | 2025-05-30 |
| CVE-2025-25204 | `gh attestation verify` returns incorrect exit code during verification if no attestations are present — cli (CWE-390) | 6.3 | Medium | 2025-02-14 |
| CVE-2024-54132 | GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability — cli (CWE-22) | 6.5 | - | 2024-12-04 |
| CVE-2024-53858 | Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli — cli (CWE-200) | 6.5 | Medium | 2024-11-27 |
| CVE-2024-53859 | go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace — go-gh (CWE-200) | 6.5 | Medium | 2024-11-27 |
| CVE-2024-52308 | Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer — cli (CWE-77) | 8.0 | High | 2024-11-14 |

This page lists every published CVE security advisory associated with cli. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.