CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

SUSE CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

EUVD-2026-9852

Gogs: Release tag option injection in release deletion...

Gogs: Release tag option injection in release deletion

Summary There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...

CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...

CVE-2026-26194

Gogs prior to v0.14.2 contains a vulnerability where deleting a release can fail when a user-controlled tag name is passed to git without the proper separator. This allows git options to be injected and can disrupt the process, impacting availability (and to a lesser extent confidentiality/integr...

CVE-2026-26194

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...