@github/copilot
npm · 2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @github/copilot (page 1 of 1)
- CVE-2026-29783 · HIGH · CVSS 7.8 · EG 7.8 · ✓ Fixed in 0.0.423 · 2026-03-06
The shell tool within GitHub Copilot CLI versions prior to and including 0.0.422 can allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., …
- CVE-2026-45033 · HIGH · CVSS 8.5 · EG 8.5 · ✓ Fixed in 1.0.43 · 2026-05-13
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project direct…