charmbracelet — Vulnerabilities & Security Advisories (12)

Browse all 12 CVE security advisories affecting charmbracelet. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Charmbracelet is a Go-based command-line tool for building interactive CLI applications with features like prompts, spinners, and progress bars. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to unsafe input handling in interactive components, cross-site scripting flaws in terminal output rendering, and privilege escalation through improper access controls. The project maintains 12 CVE records, with several critical RCE issues stemming from unsanitized user input in prompt handlers and insecure terminal escape sequence processing. While no major public security incidents have been documented, the consistent pattern of input validation vulnerabilities suggests developers should implement strict sanitization when using user-provided data in charmbracelet's interactive features.

Top products by charmbracelet: soft-serve, charm, wish

This page lists every published CVE security advisory associated with charmbracelet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.