EUVD-2025-199412

Malicious code in @voiceflow/git-branch-check npm...

Command Injection

check-branches is vulnerable to command injection.The vulnerability is due to the tool trusting branch names as plain text and concatenating them into git commands, which allows an attacker to craft malicious branch names to execute arbitrary system commands...

CVE-2025-64688

In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...

EUVD-2025-44049

In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...

CVE-2025-64688

...

CVE-2025-64688

CVE-2025-64688 is rejected/not used per the initial description.

编号撤回

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2025.3.104432, which...

PT-2025-46157

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2025.3.104432 Description A missing VCS URL validation in JetBrains YouTrack allows delegation to unauthorized repositories through the Junie widget. This issue affects versions prior to 2025.3.104432...

CVE-2025-64112

Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

BIT-GIT-LFS-2025-26625 Git LFS may write to arbitrary files via crafted symlinks

Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...

EUVD-2025-35053

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability...

Ensuring Safe and Reliable Updates with Qualys TruRisk™ Manifest Version Control

The Fragility of “One Bad Update” In cybersecurity, speed is non-negotiable. New vulnerabilities surface daily, and enterprises expect coverage the moment exploits are in the wild. For years, the mantra was simple: push signatures fast, and you reduce risk. Faster updates meant faster protection...

EUVD-2017-14864

Malware in sbrugna...

EUVD-2016-9363

Malware in sbrugna...

EUVD-2016-9361

Malware in sbrugna...

EUVD-2016-9362

Malware in sbrugna...

EUVD-2005-2078

Malware in sbrugna...

EUVD-2018-17198

Malware in sbrugna...

EUVD-2006-5285

Malware in sbrugna...

EUVD-2008-0714

Malware in sbrugna...