PT-2025-26860 · Unknown · Gitforge.Jl
Dilum Aluthge
Published: 2025-06-25 · Updated: 2025-10-08
CVE-2025-52569
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: GitForge.jl versions prior to 5.9.1
Description: The issue is a lack of input validation for user-provided values in certain functions. Specifically, the repo name argument of the GitHub.repo() function can be set to any string, which is then inserted into the request sent to the server without validation or safe encoding. A value containing a path traversal pattern such as ../ therefore changes the request path and can reach unintended endpoints on api.github.com.
Recommendations: For versions prior to 5.9.1, upgrade immediately to v5.9.1 or later, which contains the patch. As a temporary workaround, consider restricting use of the GitHub.repo() function until the patch can be applied. Do not pass values containing path traversal patterns such as ../ as the repo name, to minimize the risk of exploitation.
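The check a caller or a client library would want in place of the unvalidated string concatenation described above, as an added illustration that is not GitForge.jl's own code (written in Python rather than Julia; the function names, the simplified GitHub naming rules and the sample owner/repo values are assumptions):

```python
import posixpath
import re
from urllib.parse import quote

# Simplified GitHub naming rules (assumption, not taken from the advisory):
#   owner: letters, digits and hyphens, no leading/trailing hyphen, max 39 chars
#   repo:  letters, digits, '.', '-', '_', max 100 chars, never '.' or '..'
OWNER_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,37}[A-Za-z0-9])?$")
REPO_RE = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


def unsafe_repo_path(owner, repo):
    """Mirrors the flaw class in the advisory: values are spliced into the
    path with no validation or encoding, so '../' rewrites the request path."""
    return f"/repos/{owner}/{repo}"


def validate_segment(value, pattern, label):
    # The character whitelist also rejects '/' and '%', so neither a literal
    # nor a percent-encoded traversal sequence can pass.
    if not pattern.fullmatch(value) or value in (".", ".."):
        raise ValueError(f"invalid GitHub {label}: {value!r}")
    return value


def safe_repo_path(owner, repo):
    """Hardened builder: whitelist-validate, then percent-encode each segment
    with an empty safe set so '/' can never start a new path segment."""
    owner = validate_segment(owner, OWNER_RE, "owner")
    repo = validate_segment(repo, REPO_RE, "repo")
    return "/repos/" + quote(owner, safe="") + "/" + quote(repo, safe="")


def escapes_endpoint(path):
    """Detection heuristic for request logs or outbound-request hooks: True if
    normalising '.'/'..' changes the path or it no longer has the exact shape
    /repos/<owner>/<repo>."""
    norm = posixpath.normpath(path)
    parts = norm.split("/")
    return norm != path or len(parts) != 4 or parts[:2] != ["", "repos"]


if __name__ == "__main__":
    # Constructed sample input, not a real repository.
    print(unsafe_repo_path("example-org", "../../user"))   # leaves /repos/
    print(safe_repo_path("example-org", "example.repo"))   # stays in /repos/
```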

Tags: Exploit · Fix · Path traversal · RCE

Weakness Enumeration

Related Identifiers

BDU:2026-00213
CVE-2025-52569
GHSA-JG9P-C3WH-Q83X
JLSEC-2025-5

Affected Products

Gitforge.Jl