Package details: pkg:npm/%40github/copilot@0.0.414
purl pkg:npm/%40github/copilot@0.0.414
Next non-vulnerable version 0.0.423
Latest non-vulnerable version 1.0.43
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-ydpt-fr5c-r3e6
Aliases: CVE-2026-29783, GHSA-g8r9-g2v8-jv6f
Summary: GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository files, MCP server responses, or user instructions) can exploit bash parameter transformation operators to execute hidden commands, bypassing the safety assessment that classifies commands as "read-only."
Fixed by: 0.0.423 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date: 2026-06-06T07:14:18.792383+00:00
Actor: GitLab Importer
Action: Affected by
Vulnerability: VCID-ydpt-fr5c-r3e6
Source: https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@github/copilot/CVE-2026-29783.yml
VulnerableCode Version: 38.6.0