Command Injection

interactive-git-checkout is vulnerable to Command Injection. The vulnerability is due to the application passing unsanitized branch names directly to the git checkout command using Node.js’s exec function, which allows an attacker to inject malicious commands and execute arbitrary code on the...

EUVD-2025-27514

Malicious code in bioql PyPI...

CVE-2025-59046

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

Arbitrary Command Injection

Overview interactive-git-checkout is a CLI for simple branch switching Affected versions of this package are vulnerable to Arbitrary Command Injection due to using exec function without proper input validation or sanitization. An attacker can execute arbitrary system commands by supplying special...

GHSA-4WCM-7HJF-6XW5 interactive-git-checkout has a Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Resources: Project'...

CVE-2025-59046

The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...

CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

interactive-git-checkout 命令注入漏洞

interactive-git-checkout is a branch switching software by the individual developer Nino Filiu. A command injection vulnerability exists in interactive-git-checkout 1.1.4 and earlier versions, which stems from a failure to validate input or clean up branch names, which could lead to a command...