npm package
@conventional-changelog/git-client
pkg:npm/%40conventional-changelog/git-client
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59433 | Med | 5.3 | < 2.0.0 | 2.0.0 | Sep 22, 2025 | Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which al |
- affected < 2.0.0fixed 2.0.0
Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which al