GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: vendir, pvc-autoresizer-fips, nodetaint, volsync-fips, git-sync-fips, spicedb-operator, s5cmd, jsonnet-bundler, kubernetes-secret-generator, spire-controller-manager, cadvisor, crossplane-provider-terraform, distribution-fips, hivemind, sigstore-scaffolding,...

GHSA-9GCR-GP5F-JW27 vulnerabilities

Vulnerabilities for packages: vendir, pvc-autoresizer-fips, git-sync-fips, spicedb-operator, s5cmd, jsonnet-bundler, kubernetes-secret-generator, spire-controller-manager, cadvisor, crossplane-provider-terraform, distribution-fips, hivemind, sigstore-scaffolding, wait-for-port,...

Security update for git-bug (moderate)

openSUSE Security Update: Security update for git-bug Announcement ID: openSUSE-SU-2025:0417-1 Rating: moderate References: 1251463 1251664 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

Security update for git-bug (moderate)

openSUSE Security Update: Security update for git-bug Announcement ID: openSUSE-SU-2025:0418-1 Rating: moderate References: 1251463 1251664 Cross-References: CVE-2025-47911 CVE-2025-58190 CVSS scores: CVE-2025-47911 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N...

CVE-2025-64112

Statmatic is a Laravel and Git powered content management system CMS. Stored XSS vulnerabilities in Collections and Taxonomies allow authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. This vulnerability is fix...

CVE-2025-62726

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVE-2025-62726

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

Unsafe Dependency Resolution

Amendment This issue was found to be a duplicate. The original vulnerability with details can be found here. Credit: Assaf Levkovich...

EUVD-2025-37026

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook...

n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...

CVE-2025-62726

The CVE-2025-62726 entry concerns n8n (Cloud and Self-Hosted) with a remote code execution vulnerability in the Git Node prior to 1.113.0. When cloning a remote repository containing a pre-commit hook, a subsequent Commit operation can trigger the hook, allowing arbitrary code execution in the n8...

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

CVE-2025-62726 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ...

GO-2025-4038 Git LFS may write to arbitrary files via crafted symlinks in github.com/git-lfs/git-lfs

Git LFS may write to arbitrary files via crafted symlinks in github.com/git-lfs/git-lfs...

MAL-2025-49099 Malicious code in @raux/ra-react-big-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

Malicious code in @dealmgmt/grid (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3f1e7bb02af2f24d6a057db349128269908eb7e771722c7cf8aa637d3974058a This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

Malicious code in @raux/ra-react-big-calendar (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 2a212e56b9bc45f8e1a5ba0e12813f0d333c9d77c3d94b1ec81b8bdd42655580 This package installs a dependency hosted on a custom domain that runs an info stealer during installation. The info stealer focuses on...

PT-2025-44432

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.113.0 Description n8n is a workflow automation platform with a remote code execution issue in the Git Node component, affecting both Cloud and Self-Hosted versions. A malicious actor can exploit this by cloning a...