3135 matches found
Arbitrary Argument Injection
Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Arbitrary Argument Injection in the multioptions parameter of the clone function, which may be passed in via the clonefrom, clone, or Submodule.update functions. An...
GHSA-X2QX-6953-8485 GitPython: Unsafe option check validates multi_options before shlex.split transformation
Summary clone validates multioptions as the original list, then executes shlex.split" ".joinmultioptions. A string like "--branch main --config core.hooksPath=/x" passes validation starts with --branch, but after split becomes "--branch", "main", "--config", "core.hooksPath=/x". Git applies the...
GHSA-HFFM-XVC3-VPRC simple-git is vulnerable to Remote Code Execution
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
EUVD-2026-25639
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
CVE-2026-6951
CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...
PT-2026-37179
Name of the Vulnerable Software and Affected Versions GitPython versions 3.1.30 through 3.1.46 Description GitPython fails to properly validate certain Python keyword arguments, allowing a bypass of the safety checks intended to block dangerous Git options. While the library blocks options like...
PT-2026-37191
Name of the Vulnerable Software and Affected Versions GitPython versions prior to 3.1.47 Description GitPython is a Python library used to interact with Git repositories. The clone function validates the multi options variable as an original list but then executes shlex.split" ".joinmulti options...
PT-2026-35132
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution RCE due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
Malicious code in @frengki0707/google-cloud-clone (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a278202a1e4a54c185b707e1eeed0b0df0438168bcec4a2a5b5741bcbd8a5e5c The package @frengki0707/google-cloud-clone was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3060 Malicious code in @frengki0707/google-cloud-clone (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a278202a1e4a54c185b707e1eeed0b0df0438168bcec4a2a5b5741bcbd8a5e5c The package @frengki0707/google-cloud-clone was found to contain malicious code. Source: ossf-package-analysis...
SUSE CVE-2026-31471
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
MAL-2026-2999 Malicious code in pypdf-fork (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c3a651b0cc8ca7cc4fcae91ff3160af205a97d0aacacd8e88d76c04ce013bd02 During importing the module, package sends a beacon notification to the owner. The package has no other differences from the original legitimate "pypdf". ---...
EUVD-2026-24821
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
CVE-2026-31471
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
CVE-2026-31471 xfrm: iptfs: only publish mode_data after clone setup
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish modedata after clone setup iptfsclonestate stores x-modedata before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-modedata pointi...
CVE-2026-31471
In CVE-2026-31471, the Linux kernel’s xfrm: iptfs path had a use-after-free-like issue during IPTFS clone state setup. iptfs_clone_state() stored x->mode_data before allocating the reorder window; if allocation failed, the code freed the cloned state but left x->mode_data pointing at freed ...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from storing x-modedata before the cloning process is completed. This could lead to accessing released...