Astra Linux – Vulnerability in Git
Git GUI allows you to use Git source control management tools through a graphical interface. When a user clones an untrusted repository and is tricked into editing a file located in a directory with a malicious name in the repository, Git GUI can create and overwrite files for which the user has...
PT-2026-48681
Name of the Vulnerable Software and Affected Versions: PDM versions prior to 2.28.0. Description: PDM automatically loads project-local plugin paths from .pdm-plugins during Core initialization. This process uses site.addsitedir, which on CPython processes .pth files in the added directory. If a .pt...
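The mechanism behind this entry is a CPython behaviour, not anything PDM-specific: site.addsitedir() exec()s every line of a .pth file that begins with "import". The following is an added example, not PDM's code, that proves this in a fresh interpreter and then scans a plugin directory for such lines so they can be refused before the directory is ever registered. The directory name plugins/, the file evil.pth and the marker file are constructed for the demonstration.

```python
# Added example, not PDM's code. Shows that site.addsitedir() executes "import" lines
# found in .pth files, and scans a directory for such lines as a pre-flight check.
# plugins/, evil.pth and marker.txt are constructed names.
import subprocess
import sys
import tempfile
from pathlib import Path


def find_executable_pth_lines(plugin_dir):
    """Return (file name, line number, text) for each .pth line CPython would execute.

    site.addsitedir() reads every *.pth file in the directory. A line whose first
    token is "import" is run with exec(); other non-blank, non-comment lines are
    appended to sys.path as directories. Refusing the flagged lines before calling
    addsitedir() closes the code-execution path.
    """
    hits = []
    for pth in sorted(Path(plugin_dir).glob("*.pth")):
        with open(pth, encoding="utf-8", errors="replace") as fh:
            for number, line in enumerate(fh, 1):
                if line.startswith(("import ", "import\t")):
                    hits.append((pth.name, number, line.rstrip("\n")))
    return hits


def pth_line_runs(workdir):
    """Register a constructed plugin directory in a fresh interpreter and report
    whether the single .pth line in it executed (it writes a marker file)."""
    plugin_dir = Path(workdir) / "plugins"
    plugin_dir.mkdir()
    marker = Path(workdir) / "marker.txt"
    (plugin_dir / "evil.pth").write_text(
        f"import pathlib; pathlib.Path({str(marker)!r}).write_text('ran')\n"
    )
    code = f"import site; site.addsitedir({str(plugin_dir)!r})"
    subprocess.run([sys.executable, "-c", code], check=True)
    return marker.exists()


def run_demo():
    """Run both halves in a scratch directory; returns (executed, flagged_lines)."""
    with tempfile.TemporaryDirectory() as tmp:
        executed = pth_line_runs(tmp)
        flagged = find_executable_pth_lines(Path(tmp) / "plugins")
    return executed, flagged


if __name__ == "__main__":
    executed, flagged = run_demo()
    print("addsitedir executed the .pth line:", executed)
    for name, number, text in flagged:
        print(f"{name}:{number}: {text}")
```

The scan is deliberately lexical: it does not try to judge whether an import is benign, because any "import" line is arbitrary code by construction. A loader that must accept plugin paths from a checkout should only add plain directories to sys.path itself and never hand the directory to addsitedir().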
CVE-2026-42305
Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element validator accept...
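A per-element validator for paths read from an untrusted tree is what stands between a malicious repository and a write outside the checkout. The following is an added example, not Dulwich's code, written along the lines of the rules git itself applies when verifying paths; the Windows branch covers the names that are harmless on POSIX but resolve somewhere else on NTFS (backslashes, colons, trailing dots or spaces, the 8.3 short name for .git, device names). The rule set and the sample names in the test are this example's own.

```python
# Added example, not Dulwich's code: strict validation of path elements taken from an
# untrusted Git tree. Rule set modelled on git's own path verification; the Windows
# branch is the relevant one for the entry above. Sample names are constructed.
import re

# NTFS device names are reserved with or without an extension (CON, CON.txt, ...).
_WIN_RESERVED = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$", re.IGNORECASE)
# "git~1" is the 8.3 short-name alias NTFS can hand out for ".git".
_WIN_GIT_SHORTNAME = re.compile(r"^git~[0-9]+$", re.IGNORECASE)


def is_safe_path_element(name: str, windows: bool) -> bool:
    if name in ("", ".", ".."):
        return False
    if "/" in name or "\0" in name:
        return False
    if name.lower() == ".git":  # would let the repository rewrite its own hooks/config
        return False
    if windows:
        if "\\" in name or ":" in name:  # '\' is a separator; ':' opens drive/stream syntax
            return False
        if name.endswith((".", " ")):    # NTFS silently strips trailing dots and spaces
            return False
        if _WIN_GIT_SHORTNAME.match(name) or _WIN_RESERVED.match(name):
            return False
    return True


def is_safe_checkout_path(path: str, windows: bool) -> bool:
    """Validate a slash-separated tree path element by element."""
    return all(is_safe_path_element(e, windows) for e in path.split("/"))


if __name__ == "__main__":
    for sample in ("src/main.py", "../escape", "a\\..\\b", "git~1/hooks/pre-commit", ".git./config"):
        print(f"{sample!r:32} posix={is_safe_checkout_path(sample, False)} "
              f"windows={is_safe_checkout_path(sample, True)}")
```

The check must be applied to the logical tree path before anything touches the filesystem; validating the joined OS path afterwards is too late, because by then the platform has already reinterpreted the separators and short names.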
Unity Linux 20.1070a Security Update: git (UTSA-2026-021268)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021268 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...
BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context
Summary BentoML's bentoml build packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into the generated Bento artifact. If a victim builds an untrusted repository or other attacker-supplied build context, the attacker can place a...
Symlink Attack
Overview Affected versions of this package are vulnerable to Symlink Attack when processing Git URL fragment subdir components. An attacker can access files outside the intended Git repository root by specifying a crafted subdir value in the URL fragment. Note: This is only exploitable if builds...
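The BentoML entry and this one are the same class of failure: a symlink inside a build context, or a subdir value in a URL fragment, names something outside the root the tool believes it is working in. The following added example, not BentoML's or any package's own code, resolves each candidate path (following symlinks and collapsing "..") and refuses it unless the result still lies under the root; one helper serves both the copy step and the subdir check. The context layout in run_demo() is constructed.

```python
# Added example; not BentoML's or any package's own code. resolve_within() is the
# containment check; copy_context() applies it to symlinks in a build context and
# subdir_within_repo() to a URL-fragment subdir. The layout in run_demo() is constructed.
import os
import shutil
import tempfile
from pathlib import Path
from typing import List, Optional, Tuple


def resolve_within(root: Path, candidate: Path) -> Optional[Path]:
    """Fully resolve candidate and return it only if it lies under root."""
    root = root.resolve()
    real = candidate.resolve()  # follows symlinks and collapses '..'
    try:
        real.relative_to(root)
    except ValueError:
        return None
    return real


def copy_context(src_root: Path, dst_root: Path) -> Tuple[List[str], List[str]]:
    """Copy a build context, refusing links that escape it.
    Returns (copied, rejected) as sorted context-relative paths."""
    copied, rejected = [], []
    src_root = src_root.resolve()
    for dirpath, dirnames, filenames in os.walk(src_root):
        here = Path(dirpath)
        # os.walk does not descend into symlinked directories; record the escaping ones.
        for d in list(dirnames):
            link = here / d
            if link.is_symlink():
                dirnames.remove(d)
                if resolve_within(src_root, link) is None:
                    rejected.append(str(link.relative_to(src_root)))
        for name in filenames:
            src = here / name
            rel = str(src.relative_to(src_root))
            if src.is_symlink() and (not src.exists() or resolve_within(src_root, src) is None):
                rejected.append(rel)
                continue
            dst = dst_root / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(src, dst)  # follows the link, which has now been vetted
            copied.append(rel)
    return sorted(copied), sorted(rejected)


def subdir_within_repo(repo_root: Path, subdir: str) -> Optional[Path]:
    """Containment check for a fragment such as '#subdir=pkg' applied to a clone."""
    return resolve_within(repo_root, repo_root / subdir)


def run_demo():
    """Constructed context: two real files, one in-tree link, two escaping links."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        ctx, outside, out = base / "ctx", base / "outside", base / "bento"
        (ctx / "lib").mkdir(parents=True)
        outside.mkdir()
        (ctx / "app.py").write_text("print('app')\n")
        (ctx / "lib" / "util.py").write_text("X = 1\n")
        (outside / "secret.txt").write_text("do-not-ship\n")
        os.symlink(ctx / "lib" / "util.py", ctx / "alias.py")  # in-tree link: allowed
        os.symlink(outside / "secret.txt", ctx / "leak")         # file escape
        os.symlink(outside, ctx / "escape")                       # directory escape
        copied, rejected = copy_context(ctx, out)
        subdirs = {s: subdir_within_repo(ctx, s) is not None
                   for s in ("lib", "../outside", "escape", "lib/../../outside")}
    return copied, rejected, subdirs


if __name__ == "__main__":
    copied, rejected, subdirs = run_demo()
    print("copied:  ", copied)
    print("rejected:", rejected)
    print("subdir ok:", subdirs)
```

In-tree symlinks are still followed, since the referenced content is part of the context anyway; only links whose resolved target leaves the root are dropped. The same resolve-then-compare step covers a subdir like "escape" that is lexically inside the repository but points outside it through a symlink.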
CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack
Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...
Resources Downloaded over Insecure Protocol
Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Resources Downloaded over Insecure Protocol via the onnx.hub.load function when the silent parameter is set to True. An attacker can bypass repository trust verification and suppress all security...
EulerOS 2.0 SP13 : git (EulerOS-SA-2025-2256)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: git (UTSA-2025-984673)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984673 advisory. Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in...
EUVD-2025-21002
Malicious code in bioql PyPI...
EUVD-2024-29844
Malicious code in bioql PyPI...
EUVD-2025-21005
Malicious code in bioql PyPI...
EUVD-2022-54322
Malicious code in bioql PyPI...
TencentOS Server 4: git (TSSA-2025:0605)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0605 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2025-27613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments,...
Linux Distros Unpatched Vulnerability : CVE-2025-46835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file locat...
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1108)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1108 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option Support per-file encoding must have be...
Amazon Linux 2 : git (ALAS-2025-2941)
The version of git installed on the remote host is prior to 2.47.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2941 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be creat...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from the execution of unexpected commands in an untrusted VCS repository, which could lead to arbitrary code execution...