CRITICAL9.8CVE-2022-31180Shescape vulnerable to insufficient escaping of whitespace >= 1.4.0, < 1.5.8
HIGH8.6CVE-2023-40185Shescape on Windows escaping may be bypassed in threaded context from 0, < 1.7.4
HIGH8.1Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
from 0, < 1.5.8
HIGH7.5Inefficient Regular Expression Complexity in shescape
>= 1.5.10, < 1.6.1
MEDIUM6.3Null characters not escaped
from 0, < 1.1.3
MEDIUM5.5Exposure of home directory through shescape on Unix with Bash
>= 1.4.0, < 1.5.1
LOW3.1Shescape potential environment variable exposure on Windows with CMD
from 0, < 1.7.1
—Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
from 0, < 2.1.10
—Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
from 0, < 2.1.9
—Shescape has potential environment variable exposure on Windows with CMD
>= 1.7.2, < 2.1.2