GitHub CLI 2.74.0
A security vulnerability has been identified in a core gh dependency, go-gh, where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URLs provided by GitHub with local file paths for browsing.
This issue is addressed in this gh release by updating go-gh to a fixed version.
For more information, see https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563
preview prompter command by @BagToad in https://github.com/cli/cli/pull/10745--compact flag by @iamazeem in https://github.com/cli/cli/pull/10629gh config --help by @BagToad in https://github.com/cli/cli/pull/11003gh gist edit panic when no file in a gist by @phanen in https://github.com/cli/cli/pull/10627gh attestation commands by @malancas in https://github.com/cli/cli/pull/10943RenderJobs and RenderJobsCompact by @babakks in https://github.com/cli/cli/pull/11013--head option to pr list docs by @babakks in https://github.com/cli/cli/pull/10979pr create will print the created PR's URL by @babakks in https://github.com/cli/cli/pull/10980go-gh to v2.12.1 by @BagToad in https://github.com/cli/cli/pull/11043Full Changelog: https://github.com/cli/cli/compare/v2.73.0...v2.74.0
Fetched April 8, 2026