VYPR
Vendor

Jdx

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2026-35533HigApr 7, 2026
    risk 0.43cvss 7.7epss 0.00

    mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same…

  • CVE-2026-55448medJun 23, 2026
    risk 0.26cvss epss 0.00

    ### Summary `mise` loads `github.credential_command` from local project config before any trust decision, then executes that value with `sh -c` when resolving a GitHub token. An attacker who can place a `.mise.toml` in a repository can execute arbitrary shell commands when the…