Simple-git@3.15.0 Security Vulnerabilities and Issues — Simple-git@3.15.0 CVE List

Simple-git ProjectSimple-git3.15.0

2 matches found

CVE•added 2026/04/25 5:0 a.m.•52 views

CVE-2026-6951

CVE-2026-6951 affects the Node.js package “simple-git.” The vulnerability lies in versions before 3.36.0, due to an incomplete fix for CVE-2022-25912 that blocks the -c option but not the equivalent --config form. If untrusted input reaches the options argument, an attacker could achieve remote c...

9.8CVSS6.5AI score0.01098EPSS

CVE•added 2026/03/10 6:34 p.m.•33 views

CVE-2026-28292

The CVE-2026-28292 entry concerns the Node.js package simple-git. Affected versions are 3.15.0 through 3.32.2 and the issue bypasses prior fixes from CVE-2022-25860 and CVE-2022-25912, enabling full remote code execution on the host. A fix is noted in version 3.23.0. No exploitation details or in...

9.8CVSS6.4AI score0.01272EPSS