10064 matches found
CVE-2025-68145
CVE-2025-68145 affects mcp-server-git. Prior to 2025.12.17, when started with --repository to constrain to a single repo, the server did not validate that repo_path arguments in subsequent tool calls stayed within the configured path, potentially allowing operations on other repositories accessib...
CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...
CVE-2025-68144
CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...
CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files
In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...
EUVD-2025-203936
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...
CVE-2025-68143
The CVE-2025-68143 issue affects mcp-server-git: prior to 2025.9.25, the git_init tool accepts arbitrary filesystem paths and can create Git repositories without validating the target location. This means the server could operate on any directory accessible to the process, enabling repository cre...
GHSA-5CGR-J3JF-JW3V mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...
mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations
In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...
ProbeSuite
text...
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
Model Context Protocol Servers 参数注入漏洞
Model Context Protocol Servers is a large model context protocol server from Model Context Protocol open source. A parameter injection vulnerability exists in versions of Model Context Protocol Servers prior to 2025.12.17, which stems from the gitdiff and gitcheckout functions passing...
PT-2025-51937
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.12.17 Description The git diff and git checkout functions in mcp-server-git did not properly sanitize user-supplied arguments before passing them to git CLI commands. Specifically, flag-like values, such a...
PT-2025-51936
Name of the Vulnerable Software and Affected Versions mcp-server-git versions prior to 2025.9.25 mcp-server-git versions prior to 2025.12.18 Description The Model Context Protocol Servers, specifically the mcp-server-git component, contains a flaw in the git init tool. Prior to version 2025.9.25,...
PYSEC-2025-231
Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
CVE-2025-66407
Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
Debian: Security Advisory (DLA-4406-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-51337
Name of the Vulnerable Software and Affected Versions Weblate versions prior to 5.15 Description Weblate is a web-based localization tool. The Create Component functionality allows authorized users to add new translation components by specifying a version control system and a source code reposito...
DLA-4406-1 ruby-git - security update
Bulletin has no description...