8 matches found
Malicious code in @kmmao/happy-coder (npm)
Source: amazon-inspector c4478b22a21a87a37250e86ef25639330f79b779e5793f642eaf7ddaafd975d4 This package is a near-verbatim fork of the upstream happy-coder/happy-cli references to slopus/happy-cli and happy.engineering are retained througho...
CVE-2026-5007
Affects kazuph mcp-docs-rag up to 0.5.0. The vulnerable component is the cloneRepository function in src/index.ts (add_git_repository/add_text_file). The issue is OS command injection, exploitable locally. An exploit is publicly available, and the project was informed via an issue report but has ...
CLSA-2026-1768392809 git: Fix of CVE-2024-32021
CVE-2024-32021: fix symlink vulnerability allowing creation of hardlinks to arbitrary files in local source repository cloning...
Acunetix_vulnerability_assessment_tool
EUVD-2023-34065
Malicious code in bioql PyPI...
PT-2024-40274 · Saltcorn · Saltcorn
Name of the Vulnerable Software and Affected Versions: Saltcorn versions prior to the fixed version. Description: The issue arises from the use of user-controlled data in the git clone command without proper validation, leading to a command injection vulnerability. This allows an attacker with adm...
git: insecure hardlinks
A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a differen...
PT-2020-3658 · Microsoft · Visual Studio Code
Name of the Vulnerable Software and Affected Versions: Visual Studio Code (affected versions not specified). Description: A remote code execution issue exists when Visual Studio Code processes environment variables after opening a project. An attacker who successfully exploits this could run arbitra...