All Cobra CVEs — Complete Vulnerability History
Cobra is Go's most popular CLI framework, used by kubectl, Hugo, GitHub CLI, and thousands of other tools. Its CVE is a ReDoS in argument parsing.
Go
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2022-32149 | 2022 | HIGH | ReDoS via crafted command-line argument | Fixed v1.7.0 |
Current safe version: v1.8.0
```
// Before
github.com/spf13/cobra v1.6.0
// After
github.com/spf13/cobra v1.8.0
```
Then run: `go mod tidy`
Common questions
Does the Cobra ReDoS affect end users?
It affects CLI applications built with Cobra that accept user-provided arguments. If your CLI tool processes untrusted input from external systems (scripts, CI), update Cobra.