CVE-2026-11572
Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...
EUVD-2026-34880
HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code execution on the HAX CM...
willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...
EUVD-2021-26231
Malware in sbrugna...
EUVD-2017-2982
Malware in sbrugna...
EUVD-2025-31701
Malicious code in bioql PyPI...
GHSA-9C4G-FP4R-PRRV check-branches is vulnerable to Command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
PT-2025-40040
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
check-branches security vulnerability
check-branches is a branch conflict checking tool by the individual developer Pablo Schaffner. A security vulnerability exists in check-branches that stems from trusting branch names and splicing user input to execute git commands, which could lead to a command injection attack...
PT-2025-39958
Name of the Vulnerable Software and Affected Versions check-branches affected versions not specified Description The software is susceptible to a command injection issue. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attacke...
Linux Distros Unpatched Vulnerability : CVE-2022-42906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes...
Linux Distros Unpatched Vulnerability : CVE-2021-39874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. CVE-2021-39874 Note that Nessus relie...
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands...
GHSA-6729-95V3-PJC2 HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Impact In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
SUSE CVE-2022-36070
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable's name and not its absolute path. This can lead to the execution of untrusted code due to th...