17310 matches found

CNNVD
added 2026/02/26 12:0 a.m., 3 views

Packistry code issue vulnerability

Packistry is an open-source, self-hosted Composer repository developed by Packistry. Versions of Packistry prior to 0.13.0 had code-related vulnerabilities. These vulnerabilities stemmed from the lack of enforcement of token expiration checks, which could lead to unauthorized access...

CVSS 4.3 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 3

CVE
added 2026/02/25 11:45 p.m., 8 views

CVE-2026-27735

CVE-2026-27735 affects the Model Context Protocol Servers (mcp-server-git) prior to version 2026.1.14. The git_add tool did not validate that file paths in the files argument stay within the repository, because it used GitPython's repo.index.add() instead of the Git CLI. This allowed relative pat...

CVSS 6.5 | AI score 5.4 | EPSS 0.00039
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/02/25 11:45 p.m., 3 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4 | AI score 5.5 | EPSS 0.00039
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/25 11:45 p.m., 4 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4 | AI score 5.7 | EPSS 0.00039
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/02/25 11:45 p.m., 1 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2

Cvelist
added 2026/02/25 11:45 p.m., 18 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the Model Context Protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

CVSS 6.4 | EPSS 0.00039
Exploits: 0 | References: 2

Snyk
added 2026/02/25 4:19 p.m., 2 views

Malicious Package

Overview: chai-as-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.9
Exploits: 0 | References: 2

Ubuntu
added 2026/02/25 1:35 p.m., 7 views

USN-5376-4: Git regression

USN-5376-1 fixed a vulnerability in Git. It was discovered that the safety checks introduced in the update were not able to be set using the command line, contrary to expectations. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Gi...

AI score 5.9
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/25 4:7 a.m., 5 views

CVE-2026-3051

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal...

CVSS 7.6 | AI score 5 | EPSS 0.0013
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/25 4:6 a.m., 6 views

CVE-2025-69253

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

CVSS 8.7 | AI score 5.5 | EPSS 0.00055
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/25 12:0 a.m., 3 views

PT-2026-21840

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

CVSS 6.1 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 3

Positive Technologies
added 2026/02/25 12:0 a.m., 4 views

PT-2026-22055

Name of the Vulnerable Software and Affected Versions: mcp-server-git versions prior to 2026.1.14. Description: The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...

CVSS 6.5 | AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 13

CNNVD
added 2026/02/25 12:0 a.m., 5 views

repostat cross-site scripting vulnerability

“Repostat” is a component used by DenPiligrim’s individual developers to retrieve repository information. Versions of “repostat” prior to 1.0.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the RepoCard component using “dangerouslySetInnerHTML” to render the...

CVSS 6.1 | AI score 5.6 | EPSS 0.00052
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/24 11:3 p.m., 4 views

CVE-2025-69208

free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper Error Handling vulnerability with Information Exposure. All deployments of free5GC using the NnefPfdManagement service may be...

CVSS 6.9 | AI score 5.5 | EPSS 0.00049
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/24 10:25 p.m., 2 views

CVE-2026-21420

Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution and escalation of privileges...

CVSS 7.8 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/02/24 5:14 p.m., 10 views

Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Service Registry and Repository due to CVE-2026-1188

Summary: A buffer overflow vulnerability in IBM® SDK, Java™ Technology Edition affects IBM WebSphere Service Registry and Repository. This issue is also addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details: CVEID: CVE-2026-1188...

CVSS 9.8 | AI score 5.9 | EPSS 0.00025
Exploits: 0 | Affected Software: 1

Snyk
added 2026/02/24 3:36 p.m., 3 views

NULL Pointer Dereference

Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 7.5 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 2

Snyk
added 2026/02/24 3:36 p.m., 3 views

NULL Pointer Dereference

Overview: Magick.NET-Q16-HDRI-OpenMP-arm64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

CVSS 7.5 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 2

NVD
added 2026/02/24 1:16 a.m., 2 views

CVE-2025-69253

free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error Handling with Information Exposure. The NEF component reliably leaks internal parsing error details e.g., invalid character '...

CVSS 8.7 | EPSS 0.00055
Exploits: 1 | References: 4

CVE
added 2026/02/24 1:2 a.m., 5 views

CVE-2026-3051

DataLinkDC dinky (up to 1.2.5) is affected by CVE-2026-3051. The vulnerability is in the getProjectDir function of git-related code (dinky-admin/src/main/java/org/dinky/utils/GitRepository.java, Project Name Handler). Improper handling of the projectName argument enables path traversal, with remo...

CVSS 7.6 | AI score 6.1 | EPSS 0.0013
Exploits: 1 | References: 5 | Affected Software: 1