Security: Eugeny/tabby
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Drag-and-drop path injection still allows RCE via shell command substitution (incomplete fix for GHSA-m937-jm93-pfp6)GHSA-mq9v-2pgm-fxgh published
May 17, 2026 by EugenyHigh -
Tabby auto-confirms ZMODEM detection on terminal output, leading to shell command execution from displayed file content under fish, bash, and zshGHSA-qr3x-j8g9-xhf6 published
May 7, 2026 by EugenyHigh -
Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocationGHSA-cmpc-v2x9-j9x9 published
May 4, 2026 by EugenyHigh -
RCE via `tabby://run` URL SchemeGHSA-hf8h-rjrf-3jg6 published
May 7, 2026 by EugenyCritical -
Dragging and Dropping a File into Tabby Can Lead to Code ExecutionGHSA-m937-jm93-pfp6 published
May 7, 2026 by EugenyHigh -
TCC Bypass via Misconfigured Node FusesGHSA-prcj-7rvc-26h4 published
Jan 8, 2025 by EugenyHigh -
TCC Bypass via Unnecessary Permissive Entitlements in TabbyGHSA-jx33-9jc7-24gc published
Dec 25, 2024 by EugenyHigh
Learn more about advisories related to Eugeny/tabby in the GitHub Advisory Database