Browse all 5 CVE security advisories affecting ohmyzsh. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ohmyzsh serves as a popular open-source shell framework enhancing command-line interfaces for Unix-like systems. Historically, it has faced vulnerabilities including remote code execution (RCE) through malicious theme installations, cross-site scripting (XSS) in web-based components, and privilege escalation via path manipulation flaws. The project maintains a moderate security posture with five CVEs recorded, primarily stemming from input validation weaknesses and insecure default configurations. While no major incidents have been widely documented, the project's extensive user base makes it a potential target for exploitation. Regular updates and community contributions help address security concerns, though users should remain vigilant about theme installations and configuration hardening.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-3769 | OS Command Injection in ohmyzsh/ohmyzsh — ohmyzsh/ohmyzshCWE-78 | 7.5 | High | 2021-11-30 |
| CVE-2021-3727 | OS Command Injection in ohmyzsh/ohmyzsh — ohmyzsh/ohmyzshCWE-78 | 7.5 | High | 2021-11-30 |
| CVE-2021-3726 | OS Command Injection in ohmyzsh/ohmyzsh — ohmyzsh/ohmyzshCWE-78 | 7.5 | High | 2021-11-30 |
| CVE-2021-3725 | OS Command Injection in ohmyzsh/ohmyzsh — ohmyzsh/ohmyzshCWE-78 | 7.5 | High | 2021-11-30 |
| CVE-2021-3934 | OS Command Injection in ohmyzsh/ohmyzsh — ohmyzsh/ohmyzshCWE-78 | 7.4 | - | 2021-11-12 |
This page lists every published CVE security advisory associated with ohmyzsh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.