Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40github/copilot@0.0.333-13
Type npm
Namespace @github
Name copilot
Version 0.0.333-13
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.0.423
Latest_non_vulnerable_version 1.0.43
Affected_by_vulnerabilities
0
url VCID-ydpt-fr5c-r3e6
vulnerability_id VCID-ydpt-fr5c-r3e6
summary
GitHub Copilot CLI Dangerous Shell Expansion Patterns Enable Arbitrary Code Execution
A security vulnerability has been identified in GitHub Copilot CLI's shell tool that could allow arbitrary code execution through crafted bash parameter expansion patterns. An attacker who can influence the commands executed by the agent (e.g., via prompt injection through repository files, MCP server responses, or user instructions) can exploit bash parameter transformation operators to execute hidden commands, bypassing the safety assessment that classifies commands as "read-only."
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-29783
reference_id
reference_type
scores
0
value 0.00065
scoring_system epss
scoring_elements 0.20417
published_at 2026-06-06T12:55:00Z
1
value 0.00065
scoring_system epss
scoring_elements 0.20319
published_at 2026-06-09T12:55:00Z
2
value 0.00065
scoring_system epss
scoring_elements 0.20311
published_at 2026-06-08T12:55:00Z
3
value 0.00065
scoring_system epss
scoring_elements 0.20379
published_at 2026-06-07T12:55:00Z
4
value 0.00065
scoring_system epss
scoring_elements 0.20428
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-29783
1
reference_url https://github.com/github/copilot-cli
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/copilot-cli
2
reference_url https://github.com/github/copilot-cli/releases/tag/v0.0.423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-06T18:05:42Z/
url https://github.com/github/copilot-cli/releases/tag/v0.0.423
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-29783
reference_id CVE-2026-29783
reference_type
scores
0
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-29783
4
reference_url https://github.com/advisories/GHSA-g8r9-g2v8-jv6f
reference_id GHSA-g8r9-g2v8-jv6f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g8r9-g2v8-jv6f
5
reference_url https://github.com/github/copilot-cli/security/advisories/GHSA-g8r9-g2v8-jv6f
reference_id GHSA-g8r9-g2v8-jv6f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-06T18:05:42Z/
url https://github.com/github/copilot-cli/security/advisories/GHSA-g8r9-g2v8-jv6f
fixed_packages
0
url pkg:npm/%40github/copilot@0.0.423
purl pkg:npm/%40github/copilot@0.0.423
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540github/copilot@0.0.423
aliases CVE-2026-29783, GHSA-g8r9-g2v8-jv6f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ydpt-fr5c-r3e6
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540github/copilot@0.0.333-13