CVE-2026-3515 Argument Injection in prefecthq/prefect

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVE-2026-3515 Argument Injection in prefecthq/prefect

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

EUVD-2026-31563

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

EUVD-2022-0929

Malicious code in bioql PyPI...

CVE-2025-58763 Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

CVE-2024-5023 Arbitrary File Read Vulnerability in ConsoleMe via Limited Git command RCE

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Netflix ConsoleMe allows Command Injection.This issue affects ConsoleMe: before 1.4.0...

Rocky Linux 8 : Satellite 6.12 Release (Important) (RLSA-2022:8506)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8506 advisory. - The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data which affects the allocation size use...

Exploit for Open Redirect in Git-Scm Git

CVE-2017-1000117 借鉴使用github平台的AnonymKing/CVE-2017-1000117仓库 项目简介 + CVE-2017-1000117 漏洞的复现（PoC+Exp） + Git2.12.1 + SSH 漏洞简介： + 漏洞名称： Git命令注入漏洞 + CNNVD编号：CNNVD-201708-670 + 危害等级：中危 + CVE编号：CVE-2017-1000117 + 漏洞类型：命令注入 + 发布时间：2017-08-16...

Github Git 操作系统命令注入漏洞

Github Git is a free, open source distributed version control system. An operating system command injection vulnerability exists in Github Git, which stems from the lack of cleanup functionality in the Git.git method, allowing the execution of operating system commands instead of just the git...

CVE-2021-43809

Bundler is a package for managing application dependencies in Ruby. In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself...

Code Injection in keymetrics/vizion

Overview The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.jsL228 line, the git reset --hard command is concatenated with a unsanitized input: js var command = cliCommandargs.folder, "git reset --hard " +...

Command injection

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths...

FreeBSD : Gitlab -- Multiple Vulnerabilities (b17c86b9-e52e-11e9-86e9-001b217b3468)

SO-AND-SO reports : XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones Disclosu...

Gitlab -- Multiple Vulnerabilities

The GitLab Team reports: XSS in Markdown Preview Using Mermaid Bypass Email Verification using Salesforce Authentication Account Takeover using SAML Uncontrolled Resource Consumption in Markdown using Mermaid Disclosure of Private Project Path and Labels Disclosure of Assignees via Milestones...

git: Command injection via malicious ssh URLs

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...

Git: Command injection

Background Git is a small and fast distributed version control system designed to handle small and large projects. Description Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the...

git: Command injection via malicious ssh URLs

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...

git: Command injection via malicious ssh URLs

A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimat...