16 matches found

OSV
added 2026/05/18 9:44 a.m., 6 views

OPENSUSE-SU-2026:20777-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues:
- CVE-2026-42215: command injection via Git options bypass (bsc#1264604).
- CVE-2026-42284: unsafe option check validates multi_options before shlex.split transforms it (bsc#1264605).
- CVE-2026-44243: path traversal in GitPython reference APIs...

CVSS 9.8 | AI score 5.9 | EPSS 0.00159
Exploits 4 | References 8

OSV
added 2026/05/18 9:43 a.m., 4 views

SUSE-SU-2026:21813-1 Security update for python-GitPython

This update for python-GitPython fixes the following issues:
- CVE-2026-42215: command injection via Git options bypass (bsc#1264604).
- CVE-2026-42284: unsafe option check validates multi_options before shlex.split transforms it (bsc#1264605).
- CVE-2026-44243: path traversal in GitPython reference APIs...

CVSS 9.8 | AI score 7.4 | EPSS 0.00159
Exploits 4 | References 9

CVE
added 2026/05/13 2:41 p.m., 19 views

CVE-2026-44290

CVE-2026-44290 affects protobufjs, where certain schema option paths could traverse inherited properties during option processing, potentially corrupting process-wide built-in functionality. This vulnerability exists in versions prior to 7.5.6 and 8.0.2 and can enable a crafted protobuf schema or...

CVSS 7.5 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/05/13 2:41 p.m., 26 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVSS 7.5 | EPSS 0.00141
Exploits 0 | References 1

Vulnrichment
added 2026/05/13 2:41 p.m., 3 views

CVE-2026-44290 protobufjs: Process-wide denial of service through unsafe option paths

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

CVSS 7.5 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 1

Github Security Blog
added 2026/05/12 3:1 p.m., 14 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary: protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

CVSS 7.5 | AI score 6.2 | EPSS 0.00141
Exploits 0 | References 5 | Affected Software 1

OSV
added 2026/05/12 3:1 p.m., 2 views

GHSA-JVWF-75H9-CWGG protobuf.js: Process-wide denial of service through unsafe option paths

Summary: protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

CVSS 7.5 | AI score 6.2 | EPSS 0.00141
Exploits 0 | References 5

Patchstack
added 2026/05/12 3:1 p.m., 6 views

NPM: protobuf.js: Process-wide denial of service through unsafe option paths

NPM: protobuf.js: Process-wide denial of service through unsafe option paths vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

CVSS 7.5 | AI score 5.8 | EPSS 0.00141
Exploits 0 | References 5 | Affected Software 1

CVE
added 2026/05/07 6:19 p.m., 11 views

CVE-2026-42284

GitPython (Python Git library) is affected by CVE-2026-42284 due to unsafe handling of multi_options in _clone() before 3.1.47. The code validates multi_options as the original list, then performs shlex.split(" ".join(multi_options)), which can allow a crafted string like "--branch main --config ...

CVSS 9.8 | AI score 5.7 | EPSS 0.00022
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2026/05/07 6:19 p.m., 8 views

CVE-2026-42284 GitPython: Unsafe option check validates multi_options before shlex.split transforms it

GitPython is a Python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but aft...

CVSS 8.1 | AI score 5.7 | EPSS 0.00022
Exploits 1 | References 2

Vulnrichment
added 2026/04/13 5:15 p.m., 3 views

CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...

CVSS 8.1 | AI score 7.4 | EPSS 0.00156
Exploits 1 | References 5

NVD
added 2026/01/21 9:16 p.m., 3 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

CVSS 9.6 | EPSS 0.00492
Exploits 1 | References 2

ATTACKERKB
added 2026/01/21 9:6 p.m., 2 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

CVSS 9.6 | AI score 6 | EPSS 0.00492
Exploits 1 | References 3 | Affected Software 1

OSV
added 2026/01/21 9:6 p.m., 3 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

CVSS 9.6 | AI score 6.2 | EPSS 0.00492
Exploits 1 | References 4

Positive Technologies
added 2026/01/21 12:0 a.m., 2 views

PT-2026-3864

Name of the Vulnerable Software and Affected Versions: 5ire versions prior to 0.15.3. Description: 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...

CVSS 9.6 | AI score 6 | EPSS 0.00492
Exploits 1 | References 10

OSV
added 2023/09/28 11:6 a.m., 3 views

OESA-2023-1693 ctags security update

Ctags generates an index or tag file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available or, alternatively, the index entry created for that...

CVSS 7.8 | AI score 7.1 | EPSS 0.00562
Exploits 1 | References 2