43 matches found
CVE-2026-49465 n8n: Git Node Clone and Push Operations Bypass File Sandbox
n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...
Cursor AI IDE vulnerability allows code execution via hidden Git hooks
Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...
CVE-2022-38795
In Gitea through 1.17.1, repo cloning can occur in the migration function...
nuclei_poc
This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...
Information Exposure
Overview: bbot is an OSINT automation for hackers. Affected versions of this package are vulnerable to Information Exposure via gitclone. An attacker can obtain sensitive information by tricking a user into cloning a repository using a specially crafted URL that causes the API key to be sent to an...
SUSE-SU-2025:20855-1 Security update for git
This update for git fixes the following issues: Update to 2.51.0: - CVE-2025-27613: arbitrary writable file creation and truncation in Gitk bsc1245938 - CVE-2025-27614: arbitrary script execution via repo clonation in gitk bsc1245939 - CVE-2025-46835: untrusted repository cloning can lead to...
EUVD-2024-29858
Malicious code in bioql PyPI...
EUVD-2024-54676
Malicious code in bioql PyPI...
EUVD-2024-29844
Malicious code in bioql PyPI...
gitk: Git file creation flaw
A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss. This flaw manifests in two primary scenarios: - Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize...
CVE-2025-27613 Gitk can create and truncate files in the user's home directory
Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option "Support per-file encoding" must have been enabled...
CVE-2025-48385
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows the server-side to...
BIT-GITLAB-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for a private repository to be cloned in case of a race condition when a secondary node is out of sync...
CVE-2024-9512
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for a private repository to be cloned in case of a race condition when a secondary node is out of sync...
CVE-2024-9512 Time-of-check Time-of-use (TOCTOU) Race Condition in GitLab
An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible for a private repository to be cloned in case of a race condition when a secondary node is out of sync...
CVE-2024-51990
jj, or Jujutsu, is a Git-compatible VCS written in Rust. In affected versions, specially crafted Git repositories can cause jj to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable to upgrade should avoid cloning repos from...
CVE-2023-2589
An issue has been discovered in GitLab EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker can clone a repository from a public project, from a disallowed IP, even after the...
PT-2025-5593 · Unknown · Pwn.College
Name of the Vulnerable Software and Affected Versions: pwn.college (affected versions not specified). Description: The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion (LFI) from the CTFd container without requiring admin privileges...
GO-2024-3296 Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli...