Security: ghostty-org/ghostty
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Arbitrary command execution via control characters in paste and drag-and-drop operationsGHSA-4jxv-xgrp-5m3r published
Mar 9, 2026 by mitchellhModerate -
Ghostty can be used as a vector for privilege escalation from other vulnerable or malicious sourcesGHSA-q9fg-cpmh-c78x published
Sep 15, 2025 by mitchellhLow -
File descriptors leaked to shellGHSA-98wc-794w-gjx3 published
Jan 30, 2025 by mitchellhLow -
The file created by `write_*_file` actions have global read permissionsGHSA-hfg5-8q2c-crhc published
Dec 31, 2024 by mitchellhLow -
Improper handling of window title sequences can lead to arbitrary command executionGHSA-5hcq-3j4q-4v6p published
Dec 31, 2024 by mitchellhModerate