27 matches found
CVE-2026-39409 vulnerabilities
Vulnerabilities for packages: langfuse-fips, opensearch-dashboards-fips, langfuse, kibana, librechat, opensearch-dashboards, gemini-cli...
CVE-2026-39407 vulnerabilities
Vulnerabilities for packages: langfuse-fips, opensearch-dashboards-fips, langfuse, kibana, librechat, opensearch-dashboards, gemini-cli...
CVE-2025-64340 FastMCP has a Command Injection vulnerability - Gemini CLI
FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run wit...
GHSA-M8X7-R2RG-VH5G FastMCP has a Command Injection vulnerability - Gemini CLI
Server names containing shell metacharacters e.g., & can cause command injection on Windows when passed to fastmcp install claude-code or fastmcp install gemini-cli. These install paths use subprocess.run with a list argument, but on Windows the target CLIs often resolve to .cmd wrappers that are...
CVE-2026-4923 vulnerabilities
Vulnerabilities for packages: langfuse-fips, opensearch-dashboards-fips, redisinsight, code-server, tileserver-gl, langfuse, vitess, wazuh-dashboard, kibana, tileserver-gl-fips, thingsboard, opensearch-dashboards, saf, gemini-cli...
GHSA-27V5-C462-WPQ7 vulnerabilities
Vulnerabilities for packages: langfuse-fips, opensearch-dashboards-fips, redisinsight, code-server, tileserver-gl, langfuse, vitess, wazuh-dashboard, kibana, tileserver-gl-fips, thingsboard, opensearch-dashboards, saf, gemini-cli...
CVE-2026-4926 vulnerabilities
Vulnerabilities for packages: langfuse-fips, opensearch-dashboards-fips, redisinsight, code-server, tileserver-gl, langfuse, vitess, wazuh-dashboard, kibana, tileserver-gl-fips, thingsboard, opensearch-dashboards, saf, gemini-cli...