CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

SUSE CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

EUVD-2026-9852

Gogs: Release tag option injection in release deletion...

Gogs: Release tag option injection in release deletion

Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...

CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

CVE-2026-26194

Gogs prior to v0.14.2 contains a vulnerability where deleting a release can fail when a user-controlled tag name is passed to git without the proper separator. This allows git options to be injected and can disrupt the process, impacting availability (and to a lesser extent confidentiality/integr...

CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

CVE-2023-26143

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...

Bundler 参数注入漏洞

Bundler is a package for managing application dependencies in Ruby. It provides a consistent environment for Ruby projects by tracking and installing the exact gem and version required. Bundler suffers from a code injection vulnerability that stems from the fact that when using Gemfile, an attack...