GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
5 advisories
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli
(Go)
Nov 14, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh
(Go)
Nov 27, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
Moderate
CVE-2025-48938
was published
for
github.com/cli/go-gh/v2
(Go)
May 30, 2025
ProTip!
Advisories are also available from the
GraphQL API