38 matches found

OSV
added 2026/06/03 5:44 p.m. | 5 views

OPENSUSE-SU-2026:20902-1 Security update for keybase-client

This update for keybase-client fixes the following issues: Changes in keybase-client: - golang.org/x/crypto/ssh: Fixed multiple issues: CVE-2026-39827, CVE-2026-39834, CVE-2026-39828, CVE-2026-39829, CVE-2026-39831, CVE-2026-42508, CVE-2026-39833, CVE-2026-39830, CVE-2026-39832, CVE-2026-46597,...

CVSS 10 | AI score 5.5 | EPSS 0.00579
Exploits 1 | References 26

NVD
added 2026/05/18 9:16 p.m. | 11 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell...

CVSS 9.8 | EPSS 0.03824
Exploits 1 | References 3

Vulnrichment
added 2026/05/18 8:31 p.m. | 7 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell...

CVSS 9.8 | AI score 6.6 | EPSS 0.03824
Exploits 1 | References 3

EUVD
added 2026/05/18 8:31 p.m. | 10 views

EUVD-2026-30805

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell...

CVSS 9.8 | AI score 6.6 | EPSS 0.03824
Exploits 1 | References 3

ATTACKERKB
added 2026/05/18 8:31 p.m. | 6 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution (RCE) in test orchestration. Git permits branch names containing shell...

CVSS 9.8 | AI score 6.6 | EPSS 0.03824
Exploits 1 | References 4 | Affected Software 1

Veracode
added 2026/05/16 5:10 a.m. | 10 views

OS Command Injection

@siteboon/claude-code-ui is vulnerable to OS Command Injection. The vulnerability is due to the use of execAsync with string interpolation of user-controlled Git parameters such as file, branch, message, and commit, which allows an authenticated attacker to execute arbitrary OS commands...

CVSS 9.1 | AI score 6.1 | EPSS 0.00437
Exploits 0 | References 4 | Affected Software 1

OSSF Malicious Packages
added 2026/05/12 12:59 a.m. | 12 views

Malicious code in git-branch-selector (npm)

Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0 | References 6

OSV
added 2026/05/12 12:59 a.m. | 6 views

MAL-2026-3503 Malicious code in git-branch-selector (npm)

Source: amazon-inspector dab170d586455af0816362e715de0907ddaa19adb87c68ef59255139322dde69 The package git-branch-selector was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits 0 | References 6

GitHub Security Blog
added 2026/05/11 5:53 p.m. | 12 views

WebdriverIO BrowserStack Service has a Command Injection issue

Summary: A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution (RCE) when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

CVSS 9.8 | AI score 6.4 | EPSS 0.03824
Exploits 1 | References 5 | Affected Software 1

OSV
added 2026/05/11 5:53 p.m. | 5 views

GHSA-5C46-X3QW-Q7J7 WebdriverIO BrowserStack Service has a Command Injection issue

Summary: A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution (RCE) when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

CVSS 9.8 | AI score 6.4 | EPSS 0.03824
Exploits 1 | References 5

Positive Technologies
added 2026/05/11 12:00 a.m. | 11 views

PT-2026-39872

Name of the Vulnerable Software and Affected Versions: WebdriverIO versions prior to 9.24.0. Description: A command injection issue exists in @wdio/browserstack-service that allows remote code execution. The problem occurs during test orchestration when processing git branch names. An attacker can...

CVSS 9.8 | AI score 6.3 | EPSS 0.03824
Exploits 1 | References 8

Vulnrichment
added 2026/02/20 9:34 p.m. | 3 views

CVE-2026-27113 Liquid Prompt arbitrary command injection via crafted Git branch names in gitstatusd backend

Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...

CVSS 6.3 | AI score 6.2 | EPSS 0.00428
Exploits 0 | References 2

OSV
added 2025/11/25 12:16 a.m. | 2 views

MAL-2025-191350 Malicious code in @voiceflow/git-branch-check (npm)

Source: amazon-inspector 374d8cf65cd8bf44935889995a1fe36af800d8f570be40b594fa1b3bca1c184d The package @voiceflow/git-branch-check was found to contain malicious code. Source: ghsa-malware...

AI score 6.8
Exploits 0 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-1909

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.01041
Exploits 0 | References 11

RedhatCVE
added 2025/09/11 8:27 p.m. | 5 views

CVE-2025-58763

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to...

CVSS 8 | AI score 8.6 | EPSS 0.01675
Exploits 1 | References 1

CVE
added 2025/09/09 10:33 p.m. | 25 views

CVE-2025-59046

The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...

CVSS 9.8 | AI score 7.1 | EPSS 0.01176
Exploits 0 | References 2

Tenable Nessus
added 2025/08/27 12:00 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-3817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp's go-getter library is vulnerable to argument injection when executing Git to discover remote branches. This vulnerability does not affect the...

CVSS 9.8 | AI score 7 | EPSS 0.01329
Exploits 0 | References 3

RedHat Linux
added 2025/06/30 9:23 p.m. | 4 views

event-driven-ansible: Template Injection via Git Branch and Refspec in EDA Projects

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...

CVSS 8.8 | AI score 5.8 | EPSS 0.00465
Exploits 0 | References 4

Cvelist
added 2025/06/30 8:45 p.m. | 5 views

CVE-2025-49521 Event-driven-ansible: template injection via git branch and refspec in eda projects

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...

CVSS 8.8 | EPSS 0.00465
Exploits 0 | References 3

Vulnrichment
added 2025/06/30 8:45 p.m. | 2 views

CVE-2025-49521 Event-driven-ansible: template injection via git branch and refspec in eda projects

A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In...

CVSS 8.8 | AI score 7 | EPSS 0.00465
Exploits 0 | References 3