10041 matches found
USN-5376-6 git regression
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...
Ubuntu: Security Advisory (USN-5376-4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Path Traversal
mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the gitadd tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...
EUVD-2026-9092
Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, when Glide image manipulation is used in insecure mode which is not the default, the image proxy can be abused by an unauthenticated user to make the server send HTTP requests to arbitrary...
USN-5376-5 git regression
USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
USN-5376-5: Git regression
USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
CVE-2026-27735
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...
CVE-2026-27498
n8n is an open source workflow automation platform. Prior to versions 2.2.0 and 1.123.8, an authenticated user with permission to create or modify workflows could chain the Read/Write Files from Disk node with git operations to achieve remote code execution. By writing to specific configuration...
CLEANSTART-2026-LS98939 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-YW12690 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-DZ05206 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-AC12204 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-FF98917 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
CLEANSTART-2026-ER93728 go-git is a highly extensible git implementation library written in pure Go
Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...
Security update for docker-stable (moderate)
openSUSE security update: security update for docker-stable ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20262-1 Rating: moderate References: bsc1250508 bsc1250596 bsc1252290 Affected Products: openSUSE Leap 16.0...
Directory Traversal
Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Directory Traversal via the gitadd function. An attacker can access and stage files outside...
mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...
GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries
In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...
Improper Configuration Control
weblate is vulnerable to improper configuration control. The vulnerability is due to the ability to remotely overwrite Git configuration, which allows an attacker to modify repository behavior and potentially manipulate project operations...
CVE-2026-27735
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...