Open
Description
While working on the gh-dash project, we identified a critical vulnerability CVE-2025-48938 in the go-gh package (this dependency used by gh-dash). This issue allows arbitrary command execution via improperly handled URLs in the Browser.Browse() function. The vulnerability can be exploited when interacting with a compromised GitHub Enterprise Server that returns malicious API responses.