RSEC-2025-0

Import Source: https://github.com/RConsortium/r-advisory-database/blob/main/vulns/gh/RSEC-2025-0.yaml
JSON Data: https://api.osv.dev/v1/vulns/RSEC-2025-0
Upstream
Published: 2025-07-31T15:00:00Z
Modified: 2025-08-04T20:30:50.487870Z
Summary: Arbitrary Code Execution (ACE) Vulnerability
Details

A bug was identified in releases of the GH R package prior to version 1.5. This flaw could expose sensitive information, such as authentication tokens, through request headers during its operation if responses were cached to disk. We issued a Posit Security Advisory with the 1.5 release and attributed the submitter in the release notes.

References

Affected packages

CRAN / gh

Package

Name: gh
Purl: pkg:cran/gh

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 1.1.0
Fixed: 1.5.0

Affected versions

1.*

1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.4.0
1.4.1