2696 matches found
CVE-2025-59046
The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...
CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability
The npm package interactive-git-checkout is an interactive command-line tool that allows users to check out a git branch while it prompts for the branch name on the command line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...
CVE-2025-54994
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definitions and implementation. The MCP...
@akoskm/create-mcp-server-stdio is vulnerable to MCP Server Command Injection through `exec` API
Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definitions and implementation. Vulnerable tool The MCP Server exposes the to...
CVE-2025-54994 @akoskm/create-mcp-server-stdio has Command Injection in MCP Server due to unsafe `exec` API
@akoskm/create-mcp-server-stdio is an MCP server starter kit that uses the StdioServerTransport. Prior to version 0.0.13, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definitions and implementation. The MCP...
CVE-2025-54994
CVE-2025-54994 affects the MCP Server Starter kit @akoskm/create-mcp-server-stdio. The vulnerable component is the which-app-on-port tool that uses Node.js child_process.exec, exposing command-injection risk when user input is unsafely concatenated into shell commands. Affected versions precede 0...
PT-2025-36603
Command Injection in MCP Server The MCP Server at https://github.com/akoskm/create-mcp-server-stdio is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definitions and implementation. Vulnerable tool The MCP Server exposes the to...
PT-2025-36503
Name of the Vulnerable Software and Affected Versions: @akoskm/create-mcp-server-stdio versions prior to 0.0.13 Description: The @akoskm/create-mcp-server-stdio package, a MCP server starter kit utilizing the StdioServerTransport, contains a command injection issue in versions prior to 0.0.13. Th...
Malicious code in gravity-exec-geochemistry-jwt (npm)
The package gravity-exec-geochemistry-jwt was found to contain malicious code...
Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
Malicious code in rigel-exec-ichnology-playwright (npm)
The package rigel-exec-ichnology-playwright was found to contain malicious code...
MAL-2025-45057 Malicious code in local-release-it-exec-graphql (npm)
The package local-release-it-exec-graphql was found to contain malicious code...
MAL-2025-44464 Malicious code in gravity-exec-geochemistry-jwt (npm)
The package gravity-exec-geochemistry-jwt was found to contain malicious code...
MAL-2025-44193 Malicious code in exec-exoplanetology-hercules-titan (npm)
The package exec-exoplanetology-hercules-titan was found to contain malicious code...
MAL-2025-45847 Malicious code in rigel-exec-ichnology-playwright (npm)
The package rigel-exec-ichnology-playwright was found to contain malicious code...
MAL-2025-45615 Malicious code in publish-exec-quasar-puppeteer (npm)
The package publish-exec-quasar-puppeteer was found to contain malicious code...
RCE-Foryou
RCE-Foryou Python tool for safely testing and exploiting RCE v...
Unsanitized NUL in environment variables on Windows in syscall and os/exec
...
Linux Distros Unpatched Vulnerability : CVE-2022-31212
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer...