3087 matches found

EUVD
added 2026/04/25 5:0 a.m., 4 views

EUVD-2026-25639

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS | 6.5 AI score | 0.33677 EPSS
Exploits 2 | References 3

CVE
added 2026/04/25 5:0 a.m., 20 views

CVE-2026-6951

CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...

9.8 CVSS | 6.5 AI score | 0.00157 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/04/25 5:0 a.m., 37 views

CVE-2026-6951

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS | 0.00157 EPSS
Exploits 1 | References 3

Vulnrichment
added 2026/04/25 5:0 a.m., 1 views

CVE-2026-6951

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS | 6.5 AI score | 0.00157 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/04/25 12:0 a.m., 3 views

PT-2026-37179

Name of the Vulnerable Software and Affected Versions: GitPython versions 3.1.30 through 3.1.46. Description: GitPython fails to properly validate certain Python keyword arguments, allowing a bypass of the safety checks intended to block dangerous Git options. While the library blocks options like...

9 CVSS | 6 AI score | 0.00138 EPSS
Exploits 3 | References 36

Positive Technologies
added 2026/04/25 12:0 a.m., 2 views

PT-2026-35132

Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...

9.8 CVSS | 9.3 AI score | 0.33677 EPSS
Exploits 2 | References 9

Positive Technologies
added 2026/04/25 12:0 a.m., 3 views

PT-2026-37191

Name of the Vulnerable Software and Affected Versions: GitPython versions prior to 3.1.47. Description: GitPython is a Python library used to interact with Git repositories. The clone function validates the multi_options variable as an original list but then executes shlex.split(" ".join(multi_options...

9.8 CVSS | 5.9 AI score | 0.00021 EPSS
Exploits 1 | References 23

OSSF Malicious Packages
added 2026/04/24 10:43 p.m., 3 views

Malicious code in @frengki0707/google-cloud-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a278202a1e4a54c185b707e1eeed0b0df0438168bcec4a2a5b5741bcbd8a5e5c The package @frengki0707/google-cloud-clone was found to contain malicious code. Source: ossf-package-analysis...

5.3 AI score
Exploits 0

OSV
added 2026/04/24 10:43 p.m., 0 views

MAL-2026-3060 Malicious code in @frengki0707/google-cloud-clone (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a278202a1e4a54c185b707e1eeed0b0df0438168bcec4a2a5b5741bcbd8a5e5c The package @frengki0707/google-cloud-clone was found to contain malicious code. Source: ossf-package-analysis...

5.4 AI score
Exploits 0

SUSE CVE
added 2026/04/23 1:25 a.m., 2 views

SUSE CVE-2026-31471

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup. iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointi...

5.7 AI score | 0.00015 EPSS
Exploits 0 | References 3

OSV
added 2026/04/22 9:9 p.m., 3 views

MAL-2026-2999 Malicious code in pypdf-fork (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02 During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". ---...

5.8 AI score
Exploits 0 | References 1

EUVD
added 2026/04/22 3:31 p.m., 1 views

EUVD-2026-24821

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup. iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointi...

5.7 AI score | 0.00015 EPSS
Exploits 0 | References 4

NVD
added 2026/04/22 2:16 p.m., 0 views

CVE-2026-31471

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup. iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointi...

7.8 CVSS | 0.00015 EPSS
Exploits 0 | References 3

CVE
added 2026/04/22 1:53 p.m., 5 views

CVE-2026-31471

In CVE-2026-31471, the Linux kernel’s xfrm: iptfs path had a use-after-free-like issue during IPTFS clone state setup. iptfs_clone_state() stored x->mode_data before allocating the reorder window; if allocation failed, the code freed the cloned state but left x->mode_data pointing at freed ...

7.8 CVSS | 5.7 AI score | 0.00015 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/04/22 1:53 p.m., 26 views

CVE-2026-31471 xfrm: iptfs: only publish mode_data after clone setup

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup. iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data pointi...

7.8 CVSS | 0.00015 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/04/22 12:0 a.m., 1 views

PT-2026-34376

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode_data after clone setup. iptfs_clone_state() stores x->mode_data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x->mode_data...

5.7 AI score | 0.00015 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013566)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013566 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid possible NULL deref in skb_clone(). syzbot got a crash [1] in skb_clone(), caused by a bug...

5.7 AI score | 0.00021 EPSS
Exploits 0 | References 4

CNNVD
added 2026/04/22 12:0 a.m., 2 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from storing x->mode_data before the cloning process is completed. This could lead to accessing released...

7.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2026/04/22 12:0 a.m., 1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013578)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013578 advisory. In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr(). Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() a...

5.5 AI score | 0.00029 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013474)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013474 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path. Clone already always...

5.5 CVSS | 5.6 AI score | 0.00023 EPSS
Exploits 0 | References 3