Browse all 6 CVE security advisories affecting cli. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CLI serves as a fundamental interface for interacting with operating systems and applications through text commands, enabling efficient system administration and automation. Historically, common vulnerabilities include remote code execution through command injection, cross-site scripting in web-based CLIs, and privilege escalation via misconfigured permissions or insecure default settings. Notable security characteristics often involve reliance on secure input validation and proper privilege management. While no major public incidents are widely documented, the presence of six CVEs highlights ongoing security concerns, particularly around command handling and access control in various implementations.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-25204 | `gh attestation verify` returns incorrect exit code during verification if no attestations are present — cli (CWE-390) | 6.3 | Medium | 2025-02-14 |
| CVE-2024-54132 | GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability — cli (CWE-22) | 6.5 | - | 2024-12-04 |
| CVE-2024-53858 | Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli — cli (CWE-200) | 6.5 | Medium | 2024-11-27 |
| CVE-2024-52308 | Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer — cli (CWE-77) | 8.0 | High | 2024-11-14 |
This page lists every published CVE security advisory associated with cli. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.