CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-0667

Malicious code in bioql PyPI...

7.8CVSS7.4AI score0.01078EPSS

Exploits1References5

RedhatCVE•added 2023/02/07 4:26 a.m.•30 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.4CVSS7.9AI score0.01078EPSS

Exploits1References3

vulnersOsv•added 2023/02/06 6:30 a.m.•4 views

@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)

semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: OSV:GHSA-8H3G-HCWP-6HXQ...

7.8CVSS7.1AI score0.01078EPSS

Exploits1

OSV•added 2023/02/06 6:30 a.m.•1 views

GHSA-8H3G-HCWP-6HXQ semver-tags is vulnerable to Command Injection via the getGitTagsRemote function

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS7.1AI score0.01078EPSS

Exploits1References5

Github Security Blog•added 2023/02/06 6:30 a.m.•21 views

semver-tags is vulnerable to Command Injection via the getGitTagsRemote function

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS6AI score0.01078EPSS

Exploits1References5Affected Software1

OSV•added 2023/02/06 5:15 a.m.•0 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.8CVSS5.8AI score0.01078EPSS

Exploits1References2

Prion•added 2023/02/06 5:15 a.m.•11 views

Command injection

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

4.3CVSS7.9AI score0.01078EPSS

Exploits1References2

Vulnrichment•added 2023/02/06 5:0 a.m.•5 views

CVE-2022-25853

All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization...

7.4CVSS7.6AI score0.01078EPSS

Exploits1References2

CNNVD•added 2023/02/06 12:0 a.m.•1 views

semver-tags 安全漏洞

semver-tags is jtrussell's personal developer's tool for obtaining semver tags for repos. A security vulnerability exists in semver-tags, which stems from improper cleaning of user input. An attacker can exploit this vulnerability to perform command injection via the getGitTagsRemote function...

7.8CVSS7.4AI score0.01078EPSS

Exploits1References4

vulnersOsv•added 2022/12/19 10:47 a.m.•3 views

@braira/changelog (>=1.0.0 <=1.0.4), grunt-ivantage-svn-changelog (>=0.3.0 <=0.4.1) potentially affected by CVE-2022-25853 via semver-tags (>=0.1.5 <=0.4.10)

semver-tags NPM version =0.1.5, =1.0.0, =0.3.0, =0.4.1 Source cves: CVE-2022-25853 Source advisory: SNYK:JS-SEMVERTAGS-3175612...

7.8CVSS7.1AI score0.01078EPSS

Exploits1

Snyk•added 2022/12/19 10:47 a.m.•1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. PoC js var r = require"semver-tags" opt = "repoType":"git","repoPath":"";touch EXPLOITED;"" finalCb = console.log ropt,finalCb Remediation There is...

7.8CVSS7.3AI score0.01078EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by