Simple-git_project Simple-git
2 CVEs affecting Simple-git_project Simple-git. Latest disclosed: 2026-04-25. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6951 | Critical | 9.8 | 2026-04-25 | Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.s… |
CVE-2026-28291 | High | 8.1 | 2026-04-13 | simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option ma… |