Lucene search
K

5 matches found

NVD
NVD
added yesterday5 views

CVE-2026-49988

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attachpackedoutput and readrepomixoutput flow can register and read arbitrary local .json, .txt, .md, or .xml files without the filesystemreadfile runSecretLint safety check or Repomix...

6.8CVSS0.00028EPSS
Exploits0References3
CVE
CVE
added yesterday19 views

CVE-2026-49988

Repomix’s MCP server flow attach_packed_output followed by read_repomix_output can register and expose arbitrary local files (.json/.txt/.md/.xml) without running the secret-scan check, bypassing the file_system_read_file boundary. The root cause is that this path validates only by extension/form...

6.8CVSS6.2AI score0.00028EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/01 7:1 p.m.6 views

Unprotected Alternate Channel

Overview repomix is an A tool to pack repository contents to single file for AI consumption Affected versions of this package are vulnerable to Unprotected Alternate Channel through the attachpackedoutput process. An attacker can access sensitive information from arbitrary local .json, .txt, .md,...

6.9CVSS6AI score0.00028EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/01 7:1 p.m.5 views

NPM: repomix: attach_packed_output can bypass file-read secret scanning for supported local files

NPM: repomix: attachpackedoutput can bypass file-read secret scanning for supported local files vulnerability discovered by ? in WordPress Npm repomix versions = 1.14.0...

6.8CVSS5.9AI score0.00028EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 10:23 p.m.5 views

CVE-2026-3307 Authorization bypass in GitHub Enterprise Server secret scanning push protection allows cross-repository modification of delegated bypass reviewers

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the ownerid parameter in the request bod...

5.3CVSS5.9AI score0.0027EPSS
Exploits0References7
Rows per page
Query Builder