13562 matches found

OSV
added 2025/10/30 9:30 p.m., 2 views

GHSA-F9F4-5859-29MF sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

CVSS 7.5 | AI score 8.2 | EPSS 0.00581
Exploits 0 | References 6
Github Security Blog
added 2025/10/30 9:30 p.m., 6 views

sqls-server/sqls is vulnerable to command injection in the config command

sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands. This issue has been patched via commit...

CVSS 7.5 | AI score 8.1 | EPSS 0.00581
Exploits 0 | References 7 | Affected Software 1
Snyk
added 2025/10/30 8:41 p.m., 4 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...

CVSS 7.5 | AI score 7.5 | EPSS 0.00581
Exploits 0 | References 2
EUVD
added 2025/10/30 6:31 p.m., 2 views

EUVD-2025-37048

An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...

CVSS 6.1 | AI score 7.3 | EPSS 0.00032
Exploits 0 | References 4
NVD
added 2025/10/30 5:15 p.m., 2 views

CVE-2025-63885

A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

CVSS 6.1 | EPSS 0.00025
Exploits 0 | References 2
NVD
added 2025/10/30 5:15 p.m., 4 views

CVE-2025-62726

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVSS 8.8 | EPSS 0.0022
Exploits 3 | References 3
NVD
added 2025/10/30 5:15 p.m., 2 views

CVE-2025-60950

An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...

CVSS 6.1 | EPSS 0.00032
Exploits 0 | References 3
Snyk
added 2025/10/30 5:04 p.m., 2 views

Unsafe Dependency Resolution

Amendment: This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: Assaf Levkovich...

CVSS 8.8 | AI score 7.7 | EPSS 0.0022
Exploits 3 | References 2
EUVD
added 2025/10/30 5:04 p.m., 3 views

EUVD-2025-37026

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook...

CVSS 8.8 | AI score 6.8 | EPSS 0.0022
Exploits 3 | References 4
Github Security Blog
added 2025/10/30 5:04 p.m., 11 views

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact: A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

CVSS 8.8 | AI score 8.4 | EPSS 0.0022
Exploits 3 | References 5 | Affected Software 1
OSV
added 2025/10/30 5:04 p.m., 3 views

GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact: A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

CVSS 8.8 | AI score 8.4 | EPSS 0.0022
Exploits 3 | References 5
Cvelist
added 2025/10/30 4:24 p.m., 5 views

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVSS 8.8 | EPSS 0.0022
Exploits 3 | References 3
CVE
added 2025/10/30 4:24 p.m., 22 views

CVE-2025-62726

The CVE-2025-62726 entry concerns n8n (Cloud and Self-Hosted) with a remote code execution vulnerability in the Git Node prior to 1.113.0. When cloning a remote repository containing a pre-commit hook, a subsequent Commit operation can trigger the hook, allowing arbitrary code execution in the n8...

CVSS 8.8 | AI score 8.4 | EPSS 0.0022
Exploits 3 | References 3 | Affected Software 1
OSV
added 2025/10/30 4:24 p.m., 5 views

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVSS 8.8 | AI score 8.8 | EPSS 0.0022
Exploits 3 | References 5
Vulnrichment
added 2025/10/30 4:24 p.m., 1 view

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVSS 8.8 | AI score 8.4 | EPSS 0.0022
Exploits 3 | References 3
Debian CVE
added 2025/10/30 9:47 a.m., 2 views

CVE-2025-40087

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type. Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

AI score 5.1 | EPSS 0.00083
Exploits 0
OSV
added 2025/10/30 9:47 a.m., 2 views

CVE-2025-40087 NFSD: Define a proc_layoutcommit for the FlexFiles layout type

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proc_layoutcommit for the FlexFiles layout type. Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

AI score 6.5 | EPSS 0.00083
Exploits 0 | References 11
Positive Technologies
added 2025/10/30 12:00 a.m., 2 views

PT-2025-44432

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.113.0. Description: n8n is a workflow automation platform with a remote code execution issue in the Git Node component, affecting both Cloud and Self-Hosted versions. A malicious actor can exploit this by cloning a...

CVSS 8.8 | AI score 8 | EPSS 0.0022
Exploits 3 | References 22
Cvelist
added 2025/10/30 12:00 a.m., 2 views

CVE-2025-63885

A stored cross-site scripting (XSS) vulnerability in AIxBlock commit 04f305 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the modeldesc field...

EPSS 0.00025
Exploits 0 | References 2
CNNVD
added 2025/10/30 12:00 a.m., 5 views

n8n security vulnerability

n8n is a scalable workflow automation tool from n8n open source. A security vulnerability exists in versions prior to n8n 1.113.0 that originates when the Git Node component triggers execution when cloning remote repositories containing pre-commit hooks, which could lead to remote code execution...

CVSS 8.8 | AI score 7.6 | EPSS 0.0022
Exploits 3 | References 3