Malicious code in mcp-server-git (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cf54d60f4aeb261f3b4c523293183b728b02bc20255aeab62d7f86c94adc7ed package.json declares postinstall: node index.js. On every npm install, index.js lines 14-29 reads os.hostname, process.cwd, os.platform, the npm...

Directory Traversal

mcp-server-git is vulnerable to Directory Traversal. The vulnerability is due to the gitinit tool accepting arbitrary filesystem paths and creating Git repositories without validating the target location, where an attacker can exploit this to create repositories at arbitrary locations, and...

CVE-2026-27735

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. Because the tool us...

GHSA-VJQX-CFC4-9H6V mcp-server-git : Path traversal in git_add allows staging files outside repository boundaries

In mcp-server-git versions prior to 2026.1.14, the gitadd tool did not validate that file paths provided in the files argument were within the repository boundaries. The tool used GitPython's repo.index.add, which did not enforce working-tree boundary checks for relative paths. As a result,...

CVE-2025-68144

In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

EUVD-2025-204002

mcp-server-git has missing path validation when using --repository flag...

mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.18, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

EUVD-2025-204003

mcp-server-git argument injection in gitdiff and gitcheckout functions allows overwriting local files...

Arbitrary Argument Injection

Overview mcp-server-git is an A Model Context Protocol server providing tools to read, search, and manipulate Git repositories programmatically via LLMs Affected versions of this package are vulnerable to Arbitrary Argument Injection via the gitdiff and gitcheckout functions. An attacker can...

mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.18, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

CVE-2025-68145

The CVE-2025-68145 issue affects mcp-server-git when started with the --repository flag. The root cause is missing validation of repo_path in subsequent tool calls, allowing operations on repositories outside the configured path. The fix adds path validation that resolves both the configured repo...

CVE-2025-68145 mcp-server-git has missing path validation when using --repository flag

In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repopath arguments in subsequent tool calls were actually within that configured path. This could allow tool calls t...

CVE-2025-68144 mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

In mcp-server-git versions prior to 2025.12.17, the gitdiff and gitcheckout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values e.g., --output=/path/to/file for gitdiff would be interpreted as command-line options rather than git refs,...

CVE-2025-68144

CVE-2025-68144 affects mcp-server-git. In versions prior to 2025.12.17, the git_diff and git_checkout functions forward user-controlled arguments directly to the git CLI without sanitization. This allows flag-like values (for example, --output=/path/to/file) to be interpreted as git options rathe...

CVE-2025-68143

CVE-2025-68143 affects the mcp-server-git component. Prior to 2025.9.25, the git_init tool accepted arbitrary filesystem paths and could create Git repositories in any directory accessible to the server process without validating the target location, enabling repository creation at unintended loc...

GHSA-5CGR-J3JF-JW3V mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...