35 matches found
EUVD-2021-1007
Malware in sbrugna...
EUVD-2022-3166
Malicious code in bioql PyPI...
EUVD-2023-2444
Malicious code in bioql PyPI...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
CVE-2020-8137
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...
CVE-2019-10807
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...
Arbitrary Argument Injection
blamer is vulnerable to Arbitrary Argument Injection. The vulnerability is due to the blameByFile API not properly sanitizing the user input and validating the given file path. This can be exploited by the attacker by using the double-dash POSIX character -- to pass malicious command line arguments to...
GHSA-6F9P-G466-F8V8 blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Versions of the blamer package before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
@caiwenshu/cqc (>=0.5.2 <=0.5.3), @dimax-ar/dimax-scripts (>=1.0.0-alpha.1 <=1.0.0-alpha.8) +31 more potentially affected by CVE-2023-26143 via blamer (=0.1.13)
blamer NPM version =0.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on blamer and may be impacted: - @caiwenshu/cqc =0.5.2, =1.0.0-alpha.1, =0.30.66, =1.0.0, =1.0.15, =1.0.5, =1.0.0, =1.0.0, =1.0.5, =1.4.19, =1.0.1, =1.0.0, =0.0.1, =0.0.2 and more...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
CVE-2023-26143
CVE-2023-26143 affects the blamer package prior to version 1.0.4. The root cause is an Arbitrary Argument Injection via the blameByFile() API due to insufficient input sanitization and invalid file-path handling, coupled with improper passing of git flags ( -- ) to terminate options. Public analy...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
Blamer Parameter Injection Vulnerability
Blamer is a tool for obtaining code author information from a version control system. A security vulnerability exists in Blamer versions prior to 1.0.4, which stems from an arbitrary parameter injection vulnerability in the blameByFile API...
Arbitrary Argument Injection
Overview: blamer is a tool for getting information about the author of code from a version control system. Supports git and subversion. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given...
GHSA-8CXP-CJM8-FJ36 Improper Neutralization of Special Elements used in an OS Command in Blamer
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...
@caiwenshu/cqc (>=0.5.2 <=0.5.3), @dimax-ar/dimax-scripts (>=1.0.0-alpha.1 <=1.0.0-alpha.8) +31 more potentially affected by CVE-2019-10807 via blamer (=0.1.13)
blamer NPM version =0.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on blamer and may be impacted: - @caiwenshu/cqc =0.5.2, =1.0.0-alpha.1, =0.30.66, =1.0.0, =1.0.15, =1.0.5, =1.0.0, =1.0.0, =1.0.5, =1.4.19, =1.0.1, =1.0.0, =0.0.1, =0.0.2 and more...
Improper Neutralization of Special Elements used in an OS Command in Blamer
Blamer versions prior to 1.0.1 allow execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer...
GHSA-7VM7-J8P7-H346 Code injection in blamer
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...
Code injection in blamer
Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker...