10041 matches found
RHSA-2026:3932 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:3930 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:3931 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:3929 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
RHSA-2026:3928 Red Hat Security Advisory: git-lfs security update
Bulletin has no description...
Malicious Package
Overview: @mosfe/beam-git-util is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
PT-2026-23710
Name of the Vulnerable Software and Affected Versions: Anthropic Git MCP server (affected versions not specified). Description: The Anthropic Git MCP server contains an argument injection flaw that allows for Remote Code Execution (RCE). The issue was identified in Anthropic’s own implementation of the...
RHEL 9 : git-lfs (RHSA-2026:3930)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3930 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
RockyLinux 9 : git-lfs (RLSA-2026:3928)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3928 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729); golang: net/url: Memory exhaustion in...
PT-2026-23793
Name of the Vulnerable Software and Affected Versions: Soft Serve versions 0.6.0 through 0.11.3. Description: Soft Serve, a self-hostable Git server, contains a server-side request forgery (SSRF) issue. An authenticated SSH user can manipulate the server to make HTTP requests to internal or private IP...
RHEL 9 : git-lfs (RHSA-2026:3928)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3928 advisory. Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...
CVE-2026-28484
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-28484
OpenClaw contains an option-injection vulnerability in the git-hooks/pre-commit hook in versions prior to 2026.2.15. The hook fails to use a -- separator when piping filenames through xargs to git add, enabling an attacker to inject git flags by supplying maliciously-named files beginning with da...
Arbitrary Argument Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Argument Injection via the tag deletion. An attacker can execute arbitrary git options by supplying a crafted tag name when triggering the deletion, potentially causing unintended behavior or disruption of the underlying...
EUVD-2026-9852
Gogs: Release tag option injection in release deletion...
GHSA-V9VM-R24H-6RQM Gogs: Release tag option injection in release deletion
Summary: There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
Gogs: Release tag option injection in release deletion
Summary: There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component - internal/database/release.go process.ExecDir...,...
CVE-2026-26194
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...
CVE-2026-26194 Gogs: Release tag option injection in release deletion
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled tag name is passed to git without the right separator, this lets git options get injected and mess with the process. This issue has been...