github.com/cli/cli (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/cli/cli, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2024-52308 — CVSS 8.0 (high): The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh…
CVE-2026-48501 — CVSS 7.4 (high): GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API…
CVE-2024-53858 — CVSS 6.5 (medium): The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak…
CVE-2024-54132: The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or…
CVE-2025-25204 — CVSS 6.3 (medium): `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in…
CVE-2026-45803 — CVSS 3.5 (low): `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that…