50 matches found
willitmerge has a Command Injection vulnerability
willitmerge describes itself as a command line tool to check if pull requests are mergeable. There is a Command Injection vulnerability in version [email protected]. Resources: Project's GitHub source code: https://github.com/shama/willitmerge/ Project's npm package:...
EUVD-2021-26231
Malware in sbrugna...
EUVD-2017-2982
Malware in sbrugna...
EUVD-2025-31701
Malicious code in bioql PyPI...
check-branches is vulnerable to Command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
GHSA-9C4G-FP4R-PRRV check-branches is vulnerable to Command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
PT-2025-40040
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
check-branches security vulnerability
check-branches is a branch conflict checking tool by the individual developer Pablo Schaffner. A security vulnerability exists in check-branches that stems from trusting branch names and splicing user input to execute git commands, which could lead to a command injection attack...
PT-2025-39958
Name of the Vulnerable Software and Affected Versions: check-branches (affected versions not specified). Description: The software is susceptible to a command injection issue. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attacke...
Linux Distros Unpatched Vulnerability : CVE-2022-42906
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes...
Linux Distros Unpatched Vulnerability : CVE-2021-39874
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. CVE-2021-39874 Note that Nessus relie...
CVE-2021-39874
In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands...
GHSA-6729-95V3-PJC2 HL7 FHIR IG Publisher potentially exposes GitHub repo user and credential information
Impact: In CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and credential based URL, the entire URL will be included in the built Implementation Guide, exposing username an...
CVE-2025-24363 The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and...
SUSE CVE-2022-36070
Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable's name and not its absolute path. This can lead to the execution of untrusted code due to th...
Argument Injection
github.com/hashicorp/go-getter library is vulnerable to Argument Injection. The vulnerability is due to improper handling of user input in the file getgit.go, which allows for the injection of malicious arguments into Git commands during branch discovery...
CVE-2023-29011 Git for Windows's config file of `connect.exe` is susceptible to malicious placing
Git for Windows, the Windows port of Git, ships with an executable called connect.exe, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of connect.exe's config file is hard-coded as...