VYPR

npm package

@conventional-changelog/git-client

pkg:npm/%40conventional-changelog/git-client

Vulnerabilities (1)

  • CVE-2025-59433MedSep 22, 2025
    affected < 2.0.0fixed 2.0.0

    Conventional Changelog generates changelogs and release notes from a project's commit messages and metadata. Prior to version 2.0.0, @conventional-changelog/git-client has an argument injection vulnerability. This vulnerability manifests with the library's getTags() API, which al