Affected by GO-2024-3269
and 5 other vulnerabilities
GO-2024-3269: Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer in github.com/cli/cli
GO-2024-3296: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
GO-2024-3310: Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability in github.com/cli/cli
GO-2025-3467: `gh attestation verify` returns incorrect exit code during verification if no attestations are present in github.com/cli/cli
GO-2026-5271: GitHub CLI has an incorrect authorization header in API requests to TUF repository mirrors via `gh attestation`, `gh release verify`, and `gh release verify-asset` commands in github.com/cli/cli
GO-2026-5335: GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection in github.com/cli/cli