Lucene search

24 matches found

ATTACKERKB
added 2026/03/05 9:59 p.m. | 4 views

CVE-2026-28484

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

5.7 AI score | 0.00049 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/03/05 9:59 p.m. | 27 views

CVE-2026-28484

...

0.00049 EPSS
Exploits: 0

CVE
added 2026/03/05 9:59 p.m. | 19 views

CVE-2026-28484

OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...

5.9 AI score | 0.00049 EPSS
Exploits: 0

Veracode
added 2026/02/28 5:13 a.m. | 8 views

Path Traversal

mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the git_add tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...

6.5 CVSS | 5.7 AI score | 0.00287 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/02/27 4:13 a.m. | 6 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4 CVSS | 5.4 AI score | 0.00287 EPSS
Exploits: 0 | References: 1

Snyk
added 2026/02/26 3:16 p.m. | 4 views

Directory Traversal

Overview: mcp-server-git is a Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs. Affected versions of this package are vulnerable to Directory Traversal via the git_add function. An attacker can access and stage files outside...

9.3 CVSS | 6.5 AI score | 0.00287 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2026/02/26 3:16 p.m. | 39 views

mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

6.5 CVSS | 5.4 AI score | 0.00287 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2026/02/26 12:16 a.m. | 8 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.5 CVSS | 0.00287 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/25 11:45 p.m. | 6 views

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4 CVSS | 5.7 AI score | 0.00287 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/25 11:45 p.m. | 23 views

CVE-2026-27735 mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

6.4 CVSS | 0.00287 EPSS
Exploits: 0 | References: 2

CVE
added 2026/02/25 11:45 p.m. | 11 views

CVE-2026-27735

CVE-2026-27735 affects the Model Context Protocol Servers (mcp-server-git) prior to version 2026.1.14. The git_add tool did not validate that file paths in the files argument stay within the repository, because it used GitPython's repo.index.add() instead of the Git CLI. This allowed relative pat...

6.5 CVSS | 5.4 AI score | 0.00287 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/02/25 12:0 a.m. | 5 views

PT-2026-22055

Name of the Vulnerable Software and Affected Versions: mcp-server-git versions prior to 2026.1.14. Description: The Model Context Protocol Servers software contains an issue where the git add tool does not properly validate file paths provided in the files argument. This allows relative paths...

6.5 CVSS | 5.8 AI score | 0.00287 EPSS
Exploits: 0 | References: 13

RedhatCVE
added 2026/01/09 9:57 a.m. | 4 views

CVE-2020-7630

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

9.8 CVSS | 7.3 AI score | 0.04118 EPSS
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1039

Malicious code in bioql PyPI...

9.8 CVSS | 9.3 AI score | 0.04118 EPSS
Exploits: 1 | References: 4

vulnersOsv
added 2022/02/10 11:47 p.m. | 1 views

generate-gh-repo (=1.1.0), generate-project (>=0.7.0 <=1.0.0) +1 more potentially affected by CVE-2020-7630 via git-add-remote (=1.0.0)

git-add-remote NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-add-remote and may be impacted: - generate-gh-repo =1.1.0 - generate-project =0.7.0, =1.0.4, =1.0.6 Source cves: CVE-2020-7630 Source advisory: OSV:GHSA-H9V8-RM3M-5H5...

9.8 CVSS | 7.2 AI score | 0.04118 EPSS
Exploits: 1

OSV
added 2022/02/10 11:47 p.m. | 1 views

GHSA-H9V8-RM3M-5H5F OS Command Injection in git-add-remote

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

9.8 CVSS | 6.2 AI score | 0.04118 EPSS
Exploits: 1 | References: 3

Github Security Blog
added 2022/02/10 11:47 p.m. | 34 views

OS Command Injection in git-add-remote

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

9.8 CVSS | 9.3 AI score | 0.04118 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2020/04/03 12:0 a.m. | 2 views

git-add-remote command injection vulnerability

git-add-remote is a package for adding Git remote repositories. An injection vulnerability exists in git-add-remote 1.0.0 and earlier versions, which stems from a lack of proper validation of user input. A remote attacker can exploit this vulnerability by sending a specially crafted 'name'...

9.8 CVSS | 7.8 AI score | 0.04118 EPSS
Exploits: 1 | References: 1

NVD
added 2020/04/02 10:15 p.m. | 11 views

CVE-2020-7630

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

9.8 CVSS | 9.7 AI score | 0.04118 EPSS
Exploits: 1 | References: 2

Cvelist
added 2020/04/02 9:41 p.m. | 12 views

CVE-2020-7630

git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument...

9.8 AI score | 0.04118 EPSS
Exploits: 1 | References: 2