CVE-2025-53107 @cyanheads/git-mcp-server vulnerable to command injection in several tools

@cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

[SECURITY] Fedora 42 Update: glow-2.1.1-1.fc42

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty=E2=80=94and power=E2=80=94of the CLI. Use it to discover mark down files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

CVE-2014-6274

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...

CVE-2014-6274 S3 and Glacier remotes creds embedded in the git repo were not encrypted

git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in effectively plaintext, not encrypted as they were supposed to be. This issue affects...

CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

UBUNTU-CVE-2025-22237

An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause and arbitrary command to be run on the master with the same privileges as the master process...

CVE-2023-42798

AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the PROJECTPATHRELEA...

CVE-2019-13915

b3log Wide before 1.6.0 allows three types of attacks to access arbitrary files. First, the attacker can write code in the editor, and compile and run it approximately three times to read an arbitrary file. Second, the attacker can create a symlink, and then place the symlink into a ZIP archive. ...

CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

CVE-2024-4981

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo...

DEBIAN-CVE-2024-4981

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo...

CVE-2024-4981

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo...

UBUNTU-CVE-2024-4982

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

UBUNTU-CVE-2024-4981

A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make visible content from outside the git repo...

CVE-2024-4982 Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

CVE-2024-4982

CVE-2024-4982 affects Pagure server. The credential leakage/secret exposure arises from a directory traversal vulnerability in the view_issue_raw_file() path handling, caused by insufficient input sanitization. This can allow a remote attacker to read arbitrary server files. Public advisories (Ub...

CVE-2024-4982 Pagure: path traversal in view_issue_raw_file()

A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server...

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...

CVE-2025-30370 jupyterlab-git has a command injection vulnerability in "Open Git Repository in Terminal"

jupyterlab-git is a JupyterLab extension for version control using Git. On many platforms, a third party can create a Git repository under a name that includes a shell command substitution string in the syntax $. These directory names are allowed in macOS and a majority of Linux distributions. If...