CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

EUVD-2025-201815

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

CVE-2025-65964

Summary: CVE-2025-65964 affects n8n open source workflow automation. Versions 0.123.1 through 1.119.1 allow remote code execution via the Git node’s pre-commit hook handling. The issue arises because Add Config can set arbitrary Git values (e.g., core.hooksPath), enabling a malicious Git hook to ...

CVE-2025-65964 n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can poi...

Unsafe Dependency Resolution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a...

Unsafe Dependency Resolution

Overview Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the Git node process, leading to code execution. A user can execute arbitrary system commands by setting a malicious core.hooksPath configuration and including a crafted Git hook in a repository, which i...

GHSA-WPQC-H9WP-CHMQ n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...

n8n vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

Impact The n8n Git node allows workflows to set arbitrary Git configuration values through the Add Config operation. When an attacker-controlled workflow sets core.hooksPath to a directory within the cloned repository containing a Git hook such as pre-commit, Git executes that hook during...

PT-2025-49610

Name of the Vulnerable Software and Affected Versions n8n versions 0.123.1 through 1.119.1 Description n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 lack sufficient protections against Remote Code Execution RCE through the project's pre-commit hooks. The Add...

openSUSE 16 Security Update : git-bug (openSUSE-SU-2025-20143-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20143-1 advisory. Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade...

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...

Security update for git-bug (important)

openSUSE security update: security update for git-bug ------------------------------------------------------------- Announcement ID: openSUSE-SU-2025-20143-1 Rating: important References: bsc1234565 bsc1239494 bsc1251463 bsc1251664 bsc1253506 bsc1253930 bsc1254084 Cross-References: CVE-2024-45337...

OPENSUSE-SU-2025:20143-1 Security update for git-bug

This update for git-bug fixes the following issues: Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade golang.org/x/crypto to v0.43.0 - GO-2025-3900 GHSA-2464-8j7c-4cjm upgrade github.com/go-viper/mapstructure/v2 to...

ROOT-OS-DEBIAN-11-CVE-2024-32020 CVE-2024-32020 in rootio-git - Patched by Root

Root has patched CVE-2024-32020 in the rootio-git package for Root:Debian:11. Multiple fixed versions available...

Exploit for Link Following in Git-Scm Git

PoC for CVE-2025-48384 This is a POC. Don't download it in...

[SECURITY] Fedora 43 Update: forgejo-13.0.3-1.fc43

Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...

ROS-20251203-13

A vulnerability in the checkout and pull functions of the Git extension for version control of large Git LFS files is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to gain write access to arbitrary...

Advisory ROSA-SA-2025-3087

Software: git 1.8.3.1 OS: rosa-server79 unaffected versions = git-1.8.3.1-25.0.1.res7 affected versions git-1.8.3.1-25.0.1.1.res7 CVE-ID: CVE-2025-48384 BDU-ID: 2025-08691 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system of the Microsoft Visual Studio softwa...

openSUSE 16 Security Update : bash-git-prompt (openSUSE-SU-2025:20130-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2025:20130-1 advisory. - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index bsc1247489 Tenable has extracted the preceding...