CVE-2025-58158 Harness Affected by Arbitrary File Write in Gitness LFS server
Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, the Open Source Harness git LFS server Gitness exposes an API to retrieve and upload files via git LFS. Implementation ...
Exploit for Link Following in Git-Scm Git
CVE-2025-48384: Breaking git with a carriage return and clonin...
security update for git, git-lfs, obs-scm-bridge, python-PyYAML
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 bsc1243197: Security issues fixed: CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk bsc1245938 CVE-2025-27614 Fixed arbitrary script...
SUSE-SU-2025:03012-1 security update for git, git-lfs, obs-scm-bridge, python-PyYAML
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 bsc1243197: - Security issues fixed: CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk bsc1245938 CVE-2025-27614 Fixed arbitrary script...
CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation
CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must…...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to Improper Encoding or Escaping of Output in Git [CVE-2024-52005]
Summary IBM Watson Speech Services Cartridge is vulnerable to Improper Encoding or Escaping of Output in Git, due to a failure to protect against standard error output in ANSI escape sequences CVE-2024-52005. Git is used in our speech service runtimes. This vulnerability has been addressed. Plea...
Coolify 4.0.0-beta.420.6 Command Injection
Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a critical remote code execution flaw in the project deployment workflow. The platform allows authenticated users, with low-level privileges, to inject arbitrary shell commands via the Git Repository URL field during...
TencentOS Server 4: git (TSSA-2025:0605)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0605 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2025-34161
Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member privileges, to inject arbitrary shell commands via the Git Repository field during project creatio...
CVE-2025-34161
CVE-2025-34161 affects Coolify versions prior to v4.0.0-beta.420.7. A remote code execution flaw exists in the project deployment workflow: authenticated users with low privileges can inject arbitrary shell commands through the Git Repository field during project creation, leading to arbitrary co...
Linux Distros Unpatched Vulnerability : CVE-2024-47516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure...
Linux Distros Unpatched Vulnerability : CVE-2024-35241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installe...
PT-2025-34901
Name of the Vulnerable Software and Affected Versions: Coolify versions prior to v4.0.0-beta.420.7 Description: Coolify is vulnerable to a remote code execution issue in the project deployment workflow. Authenticated users with low-level member privileges can inject arbitrary shell commands via t...
Linux Distros Unpatched Vulnerability : CVE-2022-36069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such ...
Linux Distros Unpatched Vulnerability : CVE-2018-7032
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take...
Linux Distros Unpatched Vulnerability : CVE-2022-20001
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository...
Linux Distros Unpatched Vulnerability : CVE-2020-28086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password,...
Linux Distros Unpatched Vulnerability : CVE-2018-10857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or...