[Git][security-tracker-team/security-tracker][master] Add CVE-2026-45803/golang-github-cli-go-gh
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 16 08:39:24 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c227778 by Salvatore Bonaccorso at 2026-05-16T09:39:02+02:00
Add CVE-2026-45803/golang-github-cli-go-gh
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -215,7 +215,8 @@ CVE-2026-46360 (phpMyFAQ before 4.1.2 contains a stored cross-site scripting vul
CVE-2026-46359 (phpMyFAQ before 4.1.2 contains a sql injection vulnerability in Curren ...)
NOT-FOR-US: phpMyFAQ
CVE-2026-45803 (`gh` is GitHub\u2019s official command line tool. From 1.6.0 to before ...)
- TODO: check
+ - golang-github-cli-go-gh <unfixed>
+ NOTE: https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57
CVE-2026-45800 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
NOT-FOR-US: Vvveb
CVE-2026-45773 (Turborepo is a high-performance build system for JavaScript and TypeSc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c2277781bc9772a4e4e56056b51006f92c9b49e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c2277781bc9772a4e4e56056b51006f92c9b49e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260516/3c6e8916/attachment.htm>
More information about the debian-security-tracker-commits
mailing list