7 matches found

Github Security Blog
added 2025/12/17 10:50 p.m., 10 views

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., --output=/path/to/file for git_diff) would be interpreted as command-line options rather than git refs,...

CVSS: 7.1 | AI score: 7.3 | EPSS: 0.00015
Exploits: 0 | References: 3 | Affected Software: 1
Veracode
added 2025/10/17 5:36 p.m., 3 views

Command Injection

interactive-git-checkout is vulnerable to Command Injection. The vulnerability is due to the application passing unsanitized branch names directly to the git checkout command using Node.js’s exec function, which allows an attacker to inject malicious commands and execute arbitrary code on the...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00463
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2025/09/11 11:24 p.m., 6 views

CVE-2025-59046

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.00463
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m., 3 views

PT-2025-36999

Name of the Vulnerable Software and Affected Versions: interactive-git-checkout versions up to and including 1.1.4
Description: The interactive-git-checkout tool is an interactive command-line utility for checking out Git branches. Versions up to and including 1.1.4 are susceptible to a command...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00463
Exploits: 0 | References: 8
GithubExploit
added 2025/07/25 1:10 p.m., 100 views

Exploit for Improper Input Validation in Jenkins Git_Parameter

CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input...

CVSS: 8.2 | AI score: 10 | EPSS: 0.00068
Exploits: 1
Github Security Blog
added 2022/06/09 11:48 p.m., 24 views

OS Command Injection in cookiecutter

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

CVSS: 9.8 | AI score: 2.4 | EPSS: 0.02224
Exploits: 1 | References: 8 | Affected Software: 1
UbuntuCve
added 2022/06/08 8:15 a.m., 21 views

CVE-2022-24065

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02224
Exploits: 1 | References: 4