← Back to feed
Security patch:
[LOW] GHSA-crc3-h8v6-qh57: GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection
GitHub Security Advisory·Security·SecurityFix·5/19/2026
### Summary A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using `gh run view --log` or `gh run view --log-failed`. ### Details The vulnerability stems from the way GitHub CLI handles raw
Why it matters → A security vulnerability was patched. Upgrade affected versions to mitigate risk.
Who should care → Anyone running affected versions in production.
github.com/cli/cli
View original source ↗Source payload preview
{
"ghsaId": "GHSA-crc3-h8v6-qh57",
"summary": "GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape sequence injection",
"severity": "LOW",
"updatedAt": "2026-05-19T19:37:03Z",
"references": [
{
"url": "https://github.com/cli/cli/security/advisories/GHSA-crc3-h8v6-qh57"
},
{
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45803"
},
{
"url": "https://github.com/advisories/GHSA-crc3-h8v6-qh57"
}
],
"description": "### Summary\n\nA security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using `gh run view --log` or `gh run view --log-failed`.\n\n### Details\n\nThe vulnerability stems from the way GitHub CLI handles
…