17 matches found
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input can reach the options argument passed to simple-git, an attacker may still...
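As an added example (not simple-git's own code), the block below models the incomplete-fix pattern the entry describes: a denylist that catches git's short "-c key=value" option but not the long "--config" form, beside an allowlist that rejects every option it does not explicitly know. The allowlist contents, the sample option lists and the placeholder config key "section.key=value" are constructed for illustration.

```javascript
// Added example, not simple-git's code: denylist vs allowlist option filtering.
// Incomplete fix: block only the short form. Catches "-c" and the joined
// "-ckey=value", but "--config" does not start with "-c" and slips through.
function denylistAllows(options) {
  return !options.some((opt) => opt.startsWith('-c'));
}

// Hardened form: every option that starts with "-" must be on an allowlist,
// compared by name (the part before "="), so "--config", "--config=k=v" and
// any other unknown flag are rejected instead of having to be enumerated.
const SAFE_OPTIONS = new Set(['--porcelain', '--no-color', '--verbose']); // hypothetical allowlist

function allowlistAllows(options) {
  return options.every((opt) => {
    if (!opt.startsWith('-')) return true;   // positional argument, not a flag
    const name = opt.split('=', 1)[0];       // "--foo=bar" -> "--foo"
    return SAFE_OPTIONS.has(name);
  });
}

// Constructed inputs: "section.key=value" stands in for whatever git config
// key an attacker would choose; the key itself is not the point here.
const SHORT = ['-c', 'section.key=value', 'status'];
const JOINED = ['-csection.key=value', 'status'];
const LONG = ['--config', 'section.key=value', 'status'];
const BENIGN = ['--porcelain', 'status'];

function demo() {
  return {
    denylistBlocksShort: !denylistAllows(SHORT),
    denylistBlocksJoined: !denylistAllows(JOINED),
    denylistBypassedByLong: denylistAllows(LONG),   // the gap the advisory describes
    allowlistBlocksLong: !allowlistAllows(LONG),
    allowlistKeepsBenign: allowlistAllows(BENIGN),
  };
}

console.log(demo());
```

The practical lesson is that a denylist over option spellings has to track every alias the downstream tool accepts; an allowlist only has to know the handful of flags the caller legitimately needs.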
CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
Cross-site request forgery (CSRF)
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
CVE-2022-29167 ReDoS vulnerability in header parsing in hawk
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse Host HTTP...
GHSA-W24H-V9QH-8GXJ SQL Injection in Django
A SQL injection issue was discovered in QuerySet.explain in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary with dictionary expansion as the options argument, and placing the injection payload in an option name...
OS Command Injection in install-package
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
GHSA-6HR9-4692-FCH9 Withdrawn Advisory: OS Command Injection in effect
Withdrawn Advisory This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...
GHSA-CQR2-XHG6-P268 OS Command Injection in node-mpv
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7632
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7635
compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
Command injection
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7629
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7624
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
Command injection
install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
Command injection
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...