
48 matches found

Fedora
added 2026/05/01 1:27 a.m., 4 views

[SECURITY] Fedora 42 Update: glow-2.1.2-1.fc42

Glow is a terminal based markdown reader designed from the ground up to bring out the beauty—and power—of the CLI. Use it to discover markdown files, read documentation directly on the command line. Glow will find local markdown files in subdirectories or a local Git repository...

CVSS 7.5, AI score 7.2, EPSS 0.00586
Exploits: 1

RedhatCVE
added 2026/04/16 1:22 p.m., 2 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

CVSS 9.8, AI score 6.5, EPSS 0.0632
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/14 12:0 a.m., 3 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

AI score 6.5, EPSS 0.0632
Exploits: 1, References: 3

Tenable Nessus
added 2026/04/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which...

CVSS 5, AI score 7.1, EPSS 0.00147
Exploits: 0, References: 4

UbuntuCve
added 2026/03/31 3:16 p.m., 2 views

CVE-2026-34165

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a...

CVSS 5, AI score 5.7, EPSS 0.00147
Exploits: 0, References: 3

OSSF Malicious Packages
added 2026/03/20 3:31 p.m., 7 views

Malicious code in tui-ascii-art (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4358458e150317ab394c6dd2d0137a8c395a32bae309cc1bfd829f123dab1393 These packages are used as build dependencies of malicious packages in newer waves of the campaign 2026-02-urllib-slim. They are used to split the malicious...

AI score 5.9
Exploits: 0, References: 1

OSV
added 2026/01/14 12:13 p.m., 5 views

CLSA-2026-1768392809 git: Fix of CVE-2024-32021

CVE-2024-32021: fix symlink vulnerability allowing creation of hardlinks to arbitrary files in local source repository cloning...

CVSS 7.1, AI score 7.4, EPSS 0.00956
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-29858

Malicious code in bioql (PyPI)...

CVSS 3.9, AI score 7, EPSS 0.00519
Exploits: 1, References: 5

Tenable Nessus
added 2025/08/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-32004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in su...

CVSS 8.1, AI score 7.5, EPSS 0.01271
Exploits: 0, References: 2

OSV
added 2025/03/25 7:38 p.m., 6 views

GO-2025-3521 Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes

Kubernetes GitRepo Volume Inadvertent Local Repository Access in k8s.io/kubernetes...

CVSS 6.5, AI score 6.7, EPSS 0.00516
Exploits: 0, References: 4

OSV
added 2025/03/13 6:32 p.m., 10 views

GHSA-3WGM-2GW2-VH5M Kubernetes GitRepo Volume Inadvertent Local Repository Access

A security vulnerability was discovered in Kubernetes that could allow a user with create pod permission to exploit gitRepo volumes to access local git repositories belonging to other pods on the same node. This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone...

CVSS 6.5, AI score 6.5, EPSS 0.00516
Exploits: 0, References: 5

NVD
added 2025/01/23 3:15 a.m., 2 views

CVE-2024-42187

BigFix Patch Download Plug-ins are affected by path traversal vulnerability. The application could allow operators to download files from a local repository which is vulnerable to path traversal attacks...

CVSS 5.3, EPSS 0.00147
Exploits: 0, References: 1

Positive Technologies
added 2025/01/23 12:0 a.m., 2 views

PT-2025-2634 · Ibm · Bigfix Patch Download Plug-Ins

Name of the Vulnerable Software and Affected Versions: BigFix Patch Download Plug-ins (affected versions not specified). Description: The issue concerns a path traversal vulnerability. This could allow operators to download files from a local repository that is vulnerable to path traversal attacks...

CVSS 5.3, AI score 6.8, EPSS 0.00147
Exploits: 0, References: 6

OpenVAS
added 2024/09/12 12:0 a.m., 17 views

Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-2390)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9, AI score 7.5, EPSS 0.22529
Exploits: 34, References: 2

RedHat Linux
added 2024/09/11 6:10 p.m., 2 views

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

CVSS 8.1, AI score 7.5, EPSS 0.01271
Exploits: 0, References: 5

SUSE CVE
added 2024/09/04 3:14 a.m., 1 view

SUSE CVE-2024-45305

gix-path is a crate of the gitoxide project dealing with git paths and their conversions. gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped...

CVSS 2.5, AI score 6, EPSS 0.00244
Exploits: 0, References: 3

RustSec
added 2024/08/31 12:0 p.m., 7 views

gix-path uses local config across repos when it is the highest scope

Summary: gix-path executes git to find the path of a configuration file that belongs to the git installation itself, but mistakenly treats the local repository's configuration as system-wide if no higher scoped configuration is found. In rare cases, this causes a less trusted repository to be...

CVSS 2.5, AI score 6.2, EPSS 0.00244
Exploits: 0, Affected Software: 1

OSV
added 2024/08/30 10:7 a.m., 5 views

CLSA-2024-1725012457 git: Fix of 2 CVEs

CVE-2024-32004: fetch/clone: detect dubious ownership of local repositories - CVE-2024-32465: upload-pack: disable lazy-fetching by default...

CVSS 8.1, AI score 7.1, EPSS 0.01271
Exploits: 0, References: 1

RedHat Linux
added 2024/08/29 11:37 a.m., 2 views

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

CVSS 8.1, AI score 7.5, EPSS 0.01271
Exploits: 0, References: 5

RedHat Linux
added 2024/08/29 11:30 a.m., 15 views

git: RCE while cloning local repos

A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code...

CVSS 8.1, AI score 7.5, EPSS 0.01271
Exploits: 0, References: 5