{"id":"GO-2025-3732","summary":"GitHub CLI and extensions can execute arbitrary commands on compromised GitHub Enterprise Server in github.com/cli/go-gh","details":"GitHub CLI and extensions can execute arbitrary commands on compromised GitHub Enterprise Server in github.com/cli/go-gh","aliases":["CVE-2025-48938","GHSA-g9f5-x53j-h563"],"modified":"2026-02-04T02:31:40.639125Z","published":"2025-06-03T17:28:53Z","related":["CGA-rr3v-6hvw-xv36"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2025-3732","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563"},{"type":"FIX","url":"https://github.com/cli/go-gh/commit/a08820a13f257d6c5b4cb86d37db559ec6d14577"}],"affected":[{"package":{"name":"github.com/cli/go-gh/v2","ecosystem":"Go","purl":"pkg:golang/github.com/cli/go-gh/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.12.1"}]}],"ecosystem_specific":{"imports":[{"symbols":["Browser.Browse","Browser.browse"],"path":"github.com/cli/go-gh/v2/pkg/browser"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3732.json"}}],"schema_version":"1.7.3"}