-
Notifications
You must be signed in to change notification settings - Fork 6.8k
Security: cli/cli
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
`gh attestation verify` returns incorrect exit code during verification when predicate types mismatchGHSA-fgw4-v983-mgp8 published
Feb 14, 2025 by BagToadModerate -
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerabilityGHSA-2m9h-r57g-45pj published
Dec 3, 2024 by jtmcgLow -
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computerGHSA-p2h2-3vg9-4p87 published
Nov 14, 2024 by andyfellerHigh -
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hostsGHSA-jwcm-9g39-pmcw published
Nov 27, 2024 by andyfellerModerate -
GitHub CLI can execute a git binary from the current directoryGHSA-fqfh-778m-2v32 published
Nov 11, 2020 by mislavModerate