VYPR

CLI

by CLI

CVEs (6)

  • CVE-2026-48501 | High | May 29, 2026
    risk 0.41 | cvss 7.4 | epss 0.00

    GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP…

  • CVE-2024-53858 | Medium | Nov 27, 2024
    risk 0.35 | cvss 6.5 | epss 0.00

    The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from…

  • CVE-2025-25204 | Medium | Feb 14, 2025
    risk 0.34 | cvss 6.3 | epss 0.00

    `gh` is GitHub’s official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain conditions, a bug in GitHub's Artifact Attestation cli tool `gh attestation verify` causes it to return a zero exit status when no attestations are present. This…

  • CVE-2024-54132 | Medium | Dec 4, 2024
    risk 0.34 | cvss | epss 0.01

    The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This…

  • CVE-2024-52308 | Nov 14, 2024
    risk 0.01 | cvss | epss 0.01

    The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an…

  • CVE-2019-12130 | Mar 19, 2020
    risk 0.00 | cvss | epss 0.02

    In ONAP CLI through Dublin, by accessing an applicable port (30234, 30290, 32010, 30270, 30224, 30281, 30254, 30285, and/or 30271), an attacker gains full access to the respective ONAP services without any authentication. All ONAP Operations Manager (OOM) setups are affected.