Cli

This hub aggregates every CVE we track for Cli, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

DevTools & CI

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH10MEDIUM9LOW3CRITICAL2

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Cli.

CVE-2026-56236Capgo CLI - Arbitrary File Overwrite via Symlink-Following in Local Credential Operations6.1Jun 21, 2026
CVE-2026-48501GitHub CLI tokens leak via `gh attestation` commands7.4May 29, 2026
CVE-2026-45152uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution7.8May 27, 2026
CVE-2026-45803gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection3.5May 15, 2026
CVE-2026-42994Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.9.8May 1, 2026
CVE-2026-34200Nhost CLI MCP Server: Missing Inbound Authentication on Explicitly Bound Network Port7.5Mar 31, 2026
CVE-2026-29066Arbitrary File Read via Disabled Vite Filesystem Restriction in TinaCMS CLI6.2Mar 12, 2026
CVE-2026-28793Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS8.4Mar 12, 2026
CVE-2026-28792Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS9.6Mar 12, 2026
CVE-2026-0775npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability7.0Jan 23, 2026
CVE-2025-25204`gh attestation verify` returns incorrect exit code during verification if no attestations are present6.3Feb 14, 2025
CVE-2024-54132GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability3.7Dec 4, 2024
CVE-2024-53858Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli6.5Nov 27, 2024
CVE-2024-52308Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer8.0Nov 14, 2024
CVE-2022-40764Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the...7.8Oct 3, 2022

Product normalization is registry-driven with AI assist and human review. How it works