Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

Snyk
Snykadded 2026/04/25 11:42 p.m.4 views

Command Injection

Overview GitPython is a python library used to interact with Git repositories Affected versions of this package are vulnerable to Command Injection via the uploadpack or receivepack kwargs in the Repo.clonefrom, Remote.fetch, Remote.pull, or Remote.push functions. An attacker can execute arbitrar...

8.8CVSS5.9AI score0.0003EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-15953

Malicious code in bioql PyPI...

9.4CVSS6.3AI score0.00063EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2023/02/15 6:7 a.m.1 views

SUSE CVE-2008-4297

Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request...

5CVSS6.9AI score0.00756EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2023/02/15 5:4 a.m.1 views

SUSE CVE-2016-3630

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...

8.8CVSS9.1AI score0.05192EPSS
Exploits0References7
SUSE CVE
SUSE CVEadded 2023/02/15 3:46 a.m.1 views

SUSE CVE-2021-21272

ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the downloade...

7.7CVSS6.9AI score0.00304EPSS
Exploits0References4
Snyk
Snykadded 2022/12/20 1:16 p.m.1 views

Remote Code Execution (RCE)

Overview simple-git is a light weight interface for running git commands in any node.js application. Affected versions of this package are vulnerable to Remote Code Execution RCE via the clone, pull, push and listRemote methods, due to improper input sanitization. This vulnerability exists due to...

9.8CVSS7.6AI score0.41149EPSS
Exploits2References2
OSV
OSVadded 2019/12/17 6:15 p.m.0 views

UBUNTU-CVE-2014-8179

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation...

7.5CVSS7.1AI score0.01596EPSS
Exploits0References2
OSV
OSVadded 2014/12/12 3:59 p.m.1 views

DEBIAN-CVE-2014-6407

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.5CVSS7.9AI score0.05856EPSS
Exploits0References1
Prion
Prionadded 2014/12/12 3:59 p.m.19 views

Hardcoded credentials

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.5CVSS8AI score0.05856EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linuxadded 2014/12/10 11:38 a.m.1 views

docker: symbolic and hardlink issues leading to privilege escalation

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a 1 symlink or 2 hard link attack in an image archive in a a pull or b load operation...

7.5CVSS7.5AI score0.05856EPSS
Exploits0References4
Rows per page
Query Builder