CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Cvelist•added 2023/06/28 5:0 a.m.•16 views

CVE-2023-26134

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...

9.8CVSS10AI score0.00309EPSS

Exploits1References3

NVD•added 2022/12/14 5:15 a.m.•9 views

CVE-2022-24377

The package cycle-import-check before 1.3.2 are vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization...

9.8CVSS0.01128EPSS

Exploits1References2

NVD•added 2021/01/20 1:15 p.m.•11 views

CVE-2021-23326

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection...

8.8CVSS7.3AI score0.01502EPSS

Exploits0References5

Cvelist•added 2020/09/04 9:30 a.m.•14 views

CVE-2020-7730 Command Injection

The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...

9.8CVSS9.8AI score0.10056EPSS

Exploits0References2

Rows per page