
10064 matches found

Amazon
added 2025/11/10 12:0 a.m. | 3 views

Important: git-lfs

Issue Overview: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symboli...

CVSS 8.6 | AI score 7.1 | EPSS 0.0007
Exploits: 1

GithubExploit
added 2025/11/08 2:41 p.m. | 135 views

Exploit for Link Following in Git-Scm Git

PoC for CVE-2025-48384. See CVE-2025-48384: https://dgl.cx/20...

CVSS 8 | AI score 7 | EPSS 0.00603
Exploits: 9

NVD
added 2025/11/08 2:15 a.m. | 2 views

CVE-2025-64494

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | EPSS 0.00034
Exploits: 0 | References: 2

Cvelist
added 2025/11/08 1:19 a.m. | 5 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | EPSS 0.00034
Exploits: 0 | References: 2

OSV
added 2025/11/08 1:19 a.m. | 3 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6.8 | EPSS 0.00034
Exploits: 0 | References: 4

CVE
added 2025/11/08 1:19 a.m. | 12 views

CVE-2025-64494

Soft Serve (Charmbracelet/soft-serve) does not sanitize ANSI escape sequences in user input, and does not sanitize git messages in some UI paths. Affected versions are prior to 0.10.0. The issue can enable fake-alert-like output due to unsanitized input, with related cleanup needed in printed git...

CVSS 4.6 | AI score 6.3 | EPSS 0.00034
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/08 1:19 a.m. | 3 views

CVE-2025-64494 Soft Serve does not sanitize ANSI escape sequences in user input

Soft Serve is a self-hostable Git server for the command line. In versions prior to 0.10.0, there are several places where the user can insert data e.g. names and ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages...

CVSS 4.6 | AI score 6 | EPSS 0.00034
Exploits: 0 | References: 2

CNNVD
added 2025/11/08 12:0 a.m. | 2 views

Soft Serve security vulnerability

Soft Serve is a self-hostable command-line Git server from Charm Open Source. A security vulnerability exists in Soft Serve versions prior to 0.10.0, which stems from not removing ANSI escape sequences and not cleaning up git messages, which could lead to a fake alert attack...

CVSS 4.6 | AI score 6.3 | EPSS 0.00034
Exploits: 0 | References: 3

OSV
added 2025/11/07 6:12 p.m. | 6 views

CLSA-2025-1762539123 git-lfs: Fix of 6 CVEs

Rebuild with golang = 1.22.5.tuxcare.els7 to fix CVE-2024-24790, CVE-2024-34156, CVE-2023-45288, CVE-2023-39322, CVE-2023-39321, CVE-2024-24788...

CVSS 9.8 | AI score 7.1 | EPSS 0.64852
Exploits: 1 | References: 1

Github Security Blog
added 2025/11/06 11:48 p.m. | 7 views

Soft Serve does not sanitize ANSI escape sequences in user input

Impact: In several places where the user can insert data e.g. names, ANSI escape sequences are not being removed, which can then be used, for example, to show fake alerts. In the same token, git messages, when printed, are also not being sanitized. Places in which this was found: 1. Repository...

CVSS 4.6 | AI score 6.8 | EPSS 0.00034
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/11/06 12:0 a.m. | 3 views

PT-2025-45442

Name of the Vulnerable Software and Affected Versions: Soft Serve versions prior to 0.10.0. Description: Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.10.0 do not remove ANSI escape sequences from user-supplied data, such as names, potentially allowing for the...

CVSS 4.6 | AI score 6.8 | EPSS 0.00034
Exploits: 0 | References: 15

Veracode
added 2025/11/05 4:34 a.m. | 5 views

Command Injection

git-commiters is vulnerable to command injection. The vulnerability is due to improper input sanitization in the gitCommiters(options, callback) function, which allows an attacker to inject arbitrary commands through unsanitized parameters such as cwd or revisionRange...

CVSS 8.8 | AI score 7.2 | EPSS 0.00147
Exploits: 1 | References: 2 | Affected Software: 1

Fedora
added 2025/11/05 2:13 a.m. | 4 views

[SECURITY] Fedora 43 Update: uv-0.9.5-1.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

CVSS 8.1 | AI score 6.6 | EPSS 0.00017
Exploits: 1

OSV
added 2025/11/04 10:4 a.m. | 3 views

RHSA-2025:19601 Red Hat Security Advisory: git security update

Bulletin has no description...

CVSS 3.1 | AI score 7.7 | EPSS 0.02784
Exploits: 0 | References: 10

RedHat Linux
added 2025/11/04 8:15 a.m. | 1 views

Low: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 4.7 | AI score 7 | EPSS 0.02784
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/04 8:15 a.m. | 5 views

git: Git does not sanitize URLs when asking for credentials interactively

A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...

CVSS 4.7 | AI score 7.2 | EPSS 0.02784
Exploits: 0 | References: 7

Tenable Nessus
added 2025/11/04 12:0 a.m. | 2 views

RHEL 9 : git (RHSA-2025:19601)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:19601 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-serv...

CVSS 4.7 | AI score 7.5 | EPSS 0.02784
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/04 12:0 a.m. | 4 views

TencentOS Server 4: git-lfs (TSSA-2025:0846)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0846 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.6 | AI score 6.8 | EPSS 0.0007
Exploits: 1 | References: 3

GithubExploit
added 2025/11/03 12:2 p.m. | 166 views

Exploit for CVE-2025-62726

N8N Remote Code Execution CVE-2025-62726 POC/Exploit This vul...

CVSS 8.8 | AI score 8.3 | EPSS 0.0022
Exploits: 3

Fedora
added 2025/11/03 1:2 a.m. | 5 views

[SECURITY] Fedora 41 Update: uv-0.9.5-1.fc41

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

CVSS 8.1 | AI score 6.6 | EPSS 0.00017
Exploits: 1