VYPR

Simple Git

by Simple Git Project

Source repositories

CVEs (3)

  • CVE-2026-6951CriApr 25, 2026
    risk 0.57cvss 9.8epss 0.01

    Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) that blocks the -c option but not the equivalent --config form. If untrusted…

  • CVE-2026-28292CriMar 10, 2026
    risk 0.57cvss 9.8epss 0.01

    `simple-git`, an interface for running git commands in any node.js application, has an issue in versions 3.15.0 through 3.32.2 that allows an attacker to bypass two prior CVE fixes (CVE-2022-25860 and CVE-2022-25912) and achieve full remote code execution on the host machine.…

  • CVE-2026-28291HigApr 13, 2026
    risk 0.46cvss 8.1epss 0.01

    simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an…