10098 matches found

OSV
added 2025/09/25 1:34 p.m. | 2 views

CVE-2025-59831 `git-comiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows...

CVSS 8.7 | AI score 7.7 | EPSS 0.00206
Exploits: 1 | References: 4
Vulnrichment
added 2025/09/25 1:34 p.m. | 1 views

CVE-2025-59831 `git-comiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows...

CVSS 8.7 | AI score 7.5 | EPSS 0.00206
Exploits: 1 | References: 2
Cvelist
added 2025/09/25 1:34 p.m. | 5 views

CVE-2025-59831 `git-comiters` Command Injection vulnerability

git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows...

CVSS 8.7 | EPSS 0.00206
Exploits: 1 | References: 2
CNNVD
added 2025/09/25 12:0 a.m. | 1 views

git-commiters.js security vulnerability

git-commiters.js is a JavaScript library by individual developer Riceball LEE. A security vulnerability exists in git-commiters.js versions prior to 0.1.2, which stems from not sanitizing user input and not using the process execution API securely, which could lead to a command injection attack...

CVSS 8.8 | AI score 6.9 | EPSS 0.00206
Exploits: 1 | References: 2
RedhatCVE
added 2025/09/24 7:34 p.m. | 4 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | AI score 7.2 | EPSS 0.0004
Exploits: 0 | References: 1
GithubExploit
added 2025/09/24 4:50 p.m. | 171 views

Exploit for Link Following in Git

💥 CVE-2024-32002 – Git Submodule Path Injection PoC 🧠 Visã...

CVSS 9 | AI score 8.1 | EPSS 0.80577
Exploits: 32
NVD
added 2025/09/22 8:15 p.m. | 12 views

CVE-2025-59433

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 2
Snyk
added 2025/09/22 7:45 p.m. | 4 views

Arbitrary Argument Injection

Overview: @conventional-changelog/git-client is a simple git client for conventional changelog packages. Affected versions of this package are vulnerable to Arbitrary Argument Injection via the getTags API, which allows specifying extra parameters passed to the git log command. An attacker can...

CVSS 5.7 | AI score 7.1 | EPSS 0.0004
Exploits: 0 | References: 2
CVE
added 2025/09/22 7:14 p.m. | 24 views

CVE-2025-59433

The CVE-2025-59433 vulnerability affects the @conventional-changelog/git-client library prior to v2.0.0. Affected API: getTags() does not sanitize or validate user-supplied parameters, allowing crafted arguments to be passed to the underlying git log command (e.g., --output=), which can enable ar...

CVSS 5.3 | AI score 7.1 | EPSS 0.0004
Exploits: 0 | References: 2
OSV
added 2025/09/22 7:14 p.m. | 4 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | AI score 7.2 | EPSS 0.0004
Exploits: 0 | References: 4
Cvelist
added 2025/09/22 7:14 p.m. | 12 views

CVE-2025-59433 @conventional-changelog/git-client has an Argument Injection vulnerability

Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags API, which allows extra paramete...

CVSS 5.3 | EPSS 0.0004
Exploits: 0 | References: 2
Snyk
added 2025/09/22 6:1 p.m. | 1 views

Command Injection

Overview: git-commiters is a statistical summary of various information about git committer. Affected versions of this package are vulnerable to Command Injection via the gitCommiters API, which allows specifying options such as cwd for current working directory and revisionRange as a revision pointe...

CVSS 8.8 | AI score 7.6 | EPSS 0.00206
Exploits: 1 | References: 3
Github Security Blog
added 2025/09/22 6:1 p.m. | 3 views

`git-comiters` Command Injection vulnerability

Background on the vulnerability: This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...

CVSS 8.8 | AI score 7.8 | EPSS 0.00206
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2025/09/22 6:1 p.m. | 1 views

GHSA-G38C-WXJF-XRH6 `git-comiters` Command Injection vulnerability

Background on the vulnerability: This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback), which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not saniti...

CVSS 8.8 | AI score 7.8 | EPSS 0.00206
Exploits: 1 | References: 4
Github Security Blog
added 2025/09/22 6:1 p.m. | 7 views

@conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation: This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library, getRawCommits, there are secure practices taken to ensure that the extra parameter path is unable to inje...

CVSS 5.3 | AI score 7.5 | EPSS 0.0004
Exploits: 0 | References: 4 | Affected Software: 1
vulnersOsv
added 2025/09/22 6:1 p.m. | 5 views

@akala/semantic-release (>=2.0.11 <=3.0.62), @blinkbooks/types (>=1.0.5 <=1.0.43) +34 more potentially affected by CVE-2025-59433 via @conventional-changelog/git-client (=1.0.1)

@conventional-changelog/git-client NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @conventional-changelog/git-client and may be impacted: - @akala/semantic-release =2.0.11, =1.0.5, =4.0.0, =1.19.0, =2.10.0, =1.0.0, =1.0.0, =1.0.0,...

CVSS 5.3 | AI score 5.4 | EPSS 0.0004
Exploits: 0
OSV
added 2025/09/22 6:1 p.m. | 2 views

GHSA-VH25-5764-9WCR @conventional-changelog/git-client has Argument Injection vulnerability

Background on exploitation: This vulnerability manifests with the library's getTags API, which allows specifying extra parameters passed to the git log command. In another API by this library, getRawCommits, there are secure practices taken to ensure that the extra parameter path is unable to inje...

CVSS 5.3 | AI score 7.5 | EPSS 0.0004
Exploits: 0 | References: 4
OSV
added 2025/09/22 9:7 a.m. | 2 views

SUSE-SU-2025:20721-1 Security update for git

This update for git fixes the following issues: - Update to 2.51.0 - UI, Workflows & Features - Userdiff patterns for the R language have been added. - Documentation for "git send-email" has been updated with a bit more credential helper and OAuth information. - "git cat-file --batch" learns to...

CVSS 9.8 | AI score 8.1 | EPSS 0.03365
Exploits: 11 | References: 22
Positive Technologies
added 2025/09/22 12:0 a.m. | 4 views

PT-2025-39374

Name of the Vulnerable Software and Affected Versions: git-commiters versions prior to 0.1.2. Description: git-commiters is a Node.js function module used to provide committers statistics for a git repository. A command injection issue exists due to insufficient input sanitization and insecure proce...

CVSS 8.7 | AI score 7.7 | EPSS 0.00206
Exploits: 1 | References: 8
Positive Technologies
added 2025/09/22 12:0 a.m. | 4 views

PT-2025-39067

Name of the Vulnerable Software and Affected Versions: Conventional Changelog versions prior to 2.0.0. Description: The @conventional-changelog/git-client library, versions prior to 2.0.0, contains a flaw in the getTags API that allows for argument injection into the git log command. This occurs...

CVSS 5.3 | AI score 7 | EPSS 0.0004
Exploits: 0 | References: 9