pkg:Go/github.com/cli/cli/v2

10 total CVEsHIGH3MEDIUM4LOW1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.0CVE-2024-52308Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
    from 0, < 2.62.0
  • HIGH8.0CVE-2024-52308Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
    from 0, < 2.62.0
  • HIGH7.4CVE-2026-48501GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands
    from 0, < 2.93.0
  • MEDIUM6.5CVE-2024-53858Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
    from 0, < 2.63.0
  • MEDIUM6.5CVE-2024-53858Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
    from 0, < 2.63.0
  • MEDIUM6.3CVE-2025-25204`gh attestation verify` returns incorrect exit code during verification if no attestations are present
    >= 2.49.0, < 2.67.0
  • MEDIUM6.3CVE-2025-25204`gh attestation verify` returns incorrect exit code during verification if no attestations are present
    >= 2.49.0, < 2.67.0
  • LOW3.5CVE-2026-45803GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
    from 0, < 2.92.0
  • CVE-2024-54132Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
    from 0, < 2.63.1
  • CVE-2024-54132Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
    from 0, < 2.63.1
Go/github.com/cli/cli/v2 — 10 CVEs · VulnScope