786 matches found
GO-2026-4338 Unexpected code execution when invoking toolchain in cmd/go
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...
CLSA-2026-1767950442 git: Fix of CVE-2024-32021
CVE-2024-32021: checking whether the hardlinked destination file matches the source file and abort in case it doesn't...
CVE-2024-41673
Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...
CVE-2019-7263
Linear eMerge E3-Series devices have a Version Control Failure...
CVE-2025-68398 Weblate has git config file overwrite vulnerability that leads to remote code execution
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue...
ALSA-2025:23667 Important: git-lfs security update
Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 For more detai...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup...
CVE-2025-68165
CVE-2025-68165 is reported for JetBrains TeamCity: reflected XSS on the VCS Root setup in versions prior to 2025.11.0. The connected Nessus entry confirms the vulnerability exists in TeamCity
PYSEC-2025-231
Weblate is a web based localization tool. The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and a source code repository URL to pull from. However, prior to version 5.15, the repository URL field is...
JetBrains TeamCity 跨站脚本漏洞
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...
EulerOS 2.0 SP13 : golang (EulerOS-SA-2025-2521)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a...
CVE-2025-67640
Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...
EUVD-2025-199412
Malicious code in @voiceflow/git-branch-check npm...
Command Injection
check-branches is vulnerable to command injection.The vulnerability is due to the tool trusting branch names as plain text and concatenating them into git commands, which allows an attacker to craft malicious branch names to execute arbitrary system commands...
CVE-2025-64688
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
EUVD-2025-44049
In JetBrains YouTrack before 2025.3.104432 missing VCS URL validation allowed delegation to unauthorized repositories from the Junie widget...
CVE-2025-64688
...
CVE-2025-64688
CVE-2025-64688 is rejected/not used per the initial description.