@finos/git-proxy (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @finos/git-proxy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2025-54586 — CVSS 7.1 (high): GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject…
CVE-2025-54583 — CVSS 6.5 (medium): GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). Versions 1.19.1 and below allow…
CVE-2025-54585 — CVSS 6.5 (medium): GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit…
CVE-2025-54584 — CVSS 5.7 (medium): GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an…