6 matches found

Snyk
added 2026/04/21 2:48 p.m., 1 view

Remote Code Execution (RCE)

Overview: Affected versions of this package are vulnerable to Remote Code Execution (RCE) via insufficient sanitization of user inputs to reference, path, and branch parameters when handling git resources in GitJobExecutor. An attacker can inject commands, exposing credentials, removing files, or...

CVSS 9.9, AI score 5.9, EPSS 0.00093
Exploits 0, References 2

Github Security Blog
added 2026/04/21 2:48 p.m., 5 views

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

CVSS 9.9, AI score 5.7, EPSS 0.00093
Exploits 0, References 8, Affected Software 1

OSV
added 2025/09/09 10:33 p.m., 1 view

CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

CVSS 9.8, AI score 7.3, EPSS 0.00463
Exploits 0, References 4

CVE
added 2025/09/09 10:33 p.m., 19 views

CVE-2025-59046

The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...

CVSS 9.8, AI score 7.1, EPSS 0.00463
Exploits 0, References 2

OSV
added 2024/10/08 6:30 a.m., 1 view

GHSA-62CX-5XJ4-WFM4 ggit is vulnerable to Command Injection via the fetchTags(branch) API

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

CVSS 7.3, AI score 5.9, EPSS 0.00364
Exploits 0, References 4

Oracle Linux
added 2017/08/07 12:00 a.m., 52 views

git security and bug fix update

1.8.3.1-11 - disallow repo names beginning with dash. Resolves: CVE-2017-8386
1.8.3.1-10 - do not put unsanitized branch names in. Resolves: CVE-2014-9938
1.8.3.1-9 - add control of GSSAPI credential delegation to enable HTTPS-SSO authentication. Resolves: 1369173
1.8.3.1-8 - remove needless check ...

CVSS 10, AI score 0.8, EPSS 0.71499
Exploits 3