10097 matches found
check-branches is vulnerable to command Injection
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-11148
All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
PT-2025-40040
All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch...
check-branches 安全漏洞
check-branches is a branch conflict checking tool by the individual developer Pablo Schaffner. A security vulnerability exists in check-branches that stems from trusting branch names and splicing user input to execute git commands, which could lead to a command injection attack...
PT-2025-39958
Name of the Vulnerable Software and Affected Versions check-branches affected versions not specified Description The software is susceptible to a command injection issue. The tool trusts branch names without sanitization and constructs git commands by concatenating user input. This allows attacke...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
Advisory ROSA-SA-2025-3019
software: git 2.51.0 WASP: ROSA-CHROME unaffected versions = git-2.51.0-1 affected versions git-2.51.0-1 CVE-ID: CVE-2025-48384 BDU-ID: 2025-08691 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Git distributed version control system of the Microsoft Visual Studio software development tool is...
Informative git prompt for bash and fish 安全漏洞
Informative git prompt for bash and fish is a bash prompt for Git users from the personal developer Martin Gondermann. A security vulnerability exists in Informative git prompt for bash and fish 2.7.1 and prior versions, which stems from a predictable filename in /tmp/git-index-private$$ that cou...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
CVE-2025-61659
CVE-2025-61659 affects bash-git-prompt versions 2.6.1 through 2.7.1. The root cause is insecure handling of a temporary file in /tmp, using a filename with a predictable pattern (/tmp/git-index-private$$). This can enable unsafe operations due to filename predictability. OpenSUSE/SUSE advisories ...
PT-2025-39840
Name of the Vulnerable Software and Affected Versions bash-git-prompt versions 2.6.1 through 2.7.1 Description The software uses the /tmp/git-index-private$$ file in a manner that results in a predictable filename. Recommendations Update to a version later than 2.7.1...
CVE-2025-61659
bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...
CVE-2025-59831
git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows...
CVE-2025-59831
git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows...
CVE-2025-59831
CVE-2025-59831 affects the Node.js package git-commiters. The vulnerability stems from the gitCommiters(options, callback) API path where user-controlled options (e.g., cwd and revisionRange) were not properly sanitized and were concatenated into command execution, enabling potential command inje...
CVE-2025-59831 `git-comiters` Command Injection vulnerability
git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommitersoptions, callback which allows...