gemini-cli

Direct Vulnerabilities

Known vulnerabilities in the gemini-cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-g8m3-5g58-fq7m

<0.49.0-r4
  • L
CVE-2026-11525

<0.49.0-r4
  • L
OS Command Injection

<0.49.0-r4
  • L
CVE-2026-6733

<0.49.0-r4
  • L
GHSA-wphj-fx3q-84ch

<0.49.0-r4
  • L
Race Condition

<0.49.0-r4
  • L
GHSA-8r9q-7v3j-jr4g

<0.49.0-r4
  • L
GHSA-hvx9-hwr7-wjj9

<0.49.0-r4
  • L
GHSA-4992-7rv2-5pvq

<0.49.0-r4
  • L
Inefficient Regular Expression Complexity

<0.49.0-r4
  • L
GHSA-2g4f-4pwh-qvx6

<0.49.0-r4
  • L
Algorithmic Complexity

<0.49.0-r4
  • L
GHSA-p88m-4jfj-68fv

<0.49.0-r4
  • L
GHSA-w7jw-789q-3m8p

<0.49.0-r4
  • L
GHSA-9c88-49p5-5ggf

<0.49.0-r4
  • H
Use of Uninitialized Resource

<0.49.0-r4
  • L
GHSA-vxpw-j846-p89q

<0.49.0-r4
  • L
GHSA-pr7r-676h-xcf6

<0.49.0-r4
  • L
CVE-2026-1527

<0.49.0-r4
  • L
GHSA-vrm6-8vpv-qv8q

<0.49.0-r4
  • L
GHSA-2mjp-6q6p-2qxm

<0.49.0-r4
  • L
GHSA-w48q-cv73-mx4w

<0.49.0-r4
  • L
GHSA-3h5v-q93c-6h6q

<0.49.0-r4
  • L
GHSA-9ppj-qmqm-q256

<0.49.0-r4
  • L
Resource Exhaustion

<0.49.0-r4
  • L
GHSA-v9p9-hfj2-hcw8

<0.49.0-r4
  • L
GHSA-58qx-3vcg-4xpx

<0.49.0-r4
  • L
CVE-2026-9277

<0.49.0-r4
  • L
GHSA-vmf3-w455-68vh

<0.49.0-r4
  • M
Directory Traversal

<0.49.0-r4
  • L
CVE-2026-2229

<0.49.0-r4
  • L
GHSA-qffp-2rhf-9h96

<0.49.0-r4
  • M
Directory Traversal

<0.49.0-r4
  • L
CVE-2026-1526

<0.49.0-r4
  • L
CVE-2026-12151

<0.49.0-r4
  • C
CVE-2026-1525

<0.49.0-r4
  • L
CVE-2026-9678

<0.49.0-r4
  • L
GHSA-f269-vfmq-vjvj

<0.49.0-r4
  • L
CVE-2026-1528

<0.49.0-r4
  • L
GHSA-h67p-54hq-rp68

<0.49.0-r4
  • L
CVE-2026-9679

<0.49.0-r4
  • L
GHSA-5vv4-hvf7-2h46

<0.49.0-r4
  • L
OS Command Injection

<0.49.0-r4
  • L
Interpretation Conflict

<0.49.0-r4
  • L
CVE-2024-37890

<0.49.0-r4
  • H
Allocation of Resources Without Limits or Throttling

<0.49.0-r4
  • H
OS Command Injection

<0.49.0-r4
  • L
OS Command Injection

<0.49.0-r4
  • L
GHSA-g9mf-h72j-4rw9

<0.49.0-r4
  • H
Inefficient Regular Expression Complexity

<0.49.0-r4
  • L
GHSA-345p-7cg4-v4c7

<0.49.0-r4
  • L
GHSA-96hv-2xvq-fx4p

<0.49.0-r4
  • L
GHSA-35p6-xmwp-9g52

<0.49.0-r4
  • H
Insecure Default Initialization of Resource

<0.49.0-r4
  • L
OS Command Injection

<0.49.0-r3
  • L
CVE-2026-6951

<0.49.0-r3
  • L
GHSA-jcxm-m3jx-f287

<0.49.0-r3
  • L
GHSA-r275-fr43-pm7q

<0.49.0-r3
  • L
OS Command Injection

<0.49.0-r3
  • L
GHSA-hffm-xvc3-vprc

<0.49.0-r3
  • L
GHSA-99f4-grh7-6pcq

<0.49.0-r2
  • L
CVE-2026-48069

<0.49.0-r2
  • L
CVE-2026-48068

<0.49.0-r2
  • L
GHSA-5375-pq7m-f5r2

<0.49.0-r2
  • L
Allocation of Resources Without Limits or Throttling

<0.49.0-r1
  • L
GHSA-8988-4f7v-96qf

<0.49.0-r1
  • L
GHSA-hmw2-7cc7-3qxx

<0.47.0-r0
  • L
CVE-2026-12143

<0.47.0-r0
  • L
Improper Handling of Unicode Encoding

<0.44.0-r0
  • L
GHSA-2pr8-phx7-x9h3

<0.44.0-r0
  • L
Arbitrary Code Injection

<0.44.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0.44.0-r0
  • L
Uncontrolled Recursion

<0.44.0-r0
  • H
Uncontrolled Recursion

<0.44.0-r0
  • L
Improper Input Validation

<0.44.0-r0
  • L
GHSA-685m-2w69-288q

<0.44.0-r0
  • H
Arbitrary Code Injection

<0.44.0-r0
  • L
GHSA-xq3m-2v4x-88gg

<0.44.0-r0
  • L
GHSA-jggg-4jg4-v7c6

<0.44.0-r0
  • L
GHSA-fx83-v9x8-x52w

<0.44.0-r0
  • L
GHSA-q6x5-8v7m-xcrf

<0.44.0-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0.44.0-r0
  • C
Arbitrary Code Injection

<0.44.0-r0
  • L
GHSA-66ff-xgx4-vchm

<0.44.0-r0
  • L
GHSA-jvwf-75h9-cwgg

<0.44.0-r0
  • L
GHSA-75px-5xx7-5xc7

<0.44.0-r0
  • L
GHSA-vpq2-c234-7xj6

<0.43.0-r0
  • L
CVE-2026-3449

<0.43.0-r0
  • L
Improper Handling of Exceptional Conditions

<0.41.2-r0
  • L
GHSA-q7rr-3cgh-j5r3

<0.41.2-r0
  • M
Cross-site Scripting (XSS)

<0.41.2-r0
  • L
GHSA-v2v4-37r5-5v8g

<0.41.2-r0
  • H
Out-of-bounds Write

<0.41.1-r0
  • L
GHSA-w5hq-g745-h8pq

<0.41.1-r0
  • L
GHSA-wpqr-6v78-jr5g

<0.40.1-r0
  • L
GHSA-xf4j-xp2r-rqqx

<0.37.0-r0
  • L
GHSA-wmmm-f939-6g9c

<0.37.0-r0
  • L
GHSA-26pp-8wgv-hjvm

<0.37.0-r0
  • L
GHSA-r5rp-j6wh-rvv4

<0.37.0-r0
  • M
Incorrect Behavior Order: Validate Before Canonicalize

<0.37.0-r0
  • L
GHSA-xpcf-pg52-r92g

<0.37.0-r0
  • L
Improper Input Validation

<0.37.0-r0
  • L
GHSA-92pp-h63x-v22m

<0.37.0-r0
  • H
Directory Traversal

<0.37.0-r0
  • L
Directory Traversal

<0.37.0-r0
  • M
Directory Traversal

<0.37.0-r0
  • L
GHSA-j3q9-mxjg-w52f

<0.35.3-r0
  • L
GHSA-27v5-c462-wpq7

<0.35.3-r0
  • L
GHSA-c2c7-rcm5-vvqj

<0.35.3-r0
  • L
Inefficient Regular Expression Complexity

<0.35.3-r0
  • L
GHSA-3v7f-55p6-f55p

<0.35.3-r0
  • L
Uncontrolled Recursion

<0.35.3-r0
  • L
GHSA-f886-m6hf-6m8v

<0.35.3-r0
  • H
Resource Exhaustion

<0.35.3-r0
  • L
CVE-2026-4923

<0.35.3-r0
  • L
CVE-2026-4926

<0.35.3-r0
  • L
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<0.35.3-r0
  • L
GHSA-48c2-rrv3-qjmp

<0.35.3-r0
  • L
GHSA-gmq8-994r-jv83

<0.33.2-r0
  • M
Off-by-one Error

<0.33.2-r0
  • H
Inefficient Regular Expression Complexity

<0.30.0-r0
  • L
GHSA-3ppc-4f35-3m26

<0.30.0-r0