Security
Headlines

Headlines Latest CVEs

Headline

GHSA-v8hg-m323-jvjq: Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.

1 day ago

#vulnerability #git #java #intel #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-67640

Jenkins Git client Plugin has an OS command injection vulnerability on agents in Git client Plugin

Moderate severity GitHub Reviewed Published Dec 10, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025

Package

maven org.jenkins-ci.plugins:git-client (Maven)

Affected versions

< 6.4.1

Description

Published to the GitHub Advisory Database

Dec 10, 2025

Last updated

Dec 10, 2025

EPSS score

ghsa: Latest News

GHSA-qgc4-8p88-4w7m: Servify-express rate limit issue

4 hours ago

GHSA-9449-rphm-mjqr: AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

5 hours ago

GHSA-fw33-qpx7-rhx2: Vulnerability discovered in gardenctl versions < v2.12.0

6 hours ago

GHSA-g754-hx8w-x2g6: quic-go HTTP/3 QPACK Header Expansion DoS

6 hours ago

GHSA-8xqm-6fj2-hfgf: PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

7 hours ago