✅ Check your installed version
All known vulnerabilities
CRITICAL9.8CVE-2022-31180Shescape vulnerable to insufficient escaping of whitespace >= 1.4.0, < 1.5.8
HIGH8.6CVE-2023-40185Shescape on Windows escaping may be bypassed in threaded context from 0, < 1.7.4
HIGH8.1CVE-2022-31179Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD from 0, < 1.5.8
HIGH7.5CVE-2022-25918Inefficient Regular Expression Complexity in shescape >= 1.5.10, < 1.6.1
from 0, < 1.1.3
MEDIUM5.5CVE-2022-24725Exposure of home directory through shescape on Unix with Bash >= 1.4.0, < 1.5.1
LOW3.1CVE-2023-35931Shescape potential environment variable exposure on Windows with CMD from 0, < 1.7.1
—CVE-2026-32094Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash from 0, < 2.1.10
—CVE-2026-30916Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains from 0, < 2.1.9
—CVE-2025-30222Shescape has potential environment variable exposure on Windows with CMD >= 1.7.2, < 2.1.2