Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/async-git@1.13.2
purl pkg:npm/async-git@1.13.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-89ub-wbsn-ayfa Argument Injection or Modification The package async-git are vulnerable to Command Injection via shell meta-characters (back-ticks). For example, ``git.reset('a`touch HACKED`b')`` CVE-2020-28490
GHSA-6qpr-9mc5-7gch
VCID-zhnp-1cu9-qqgy The async-git package for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by `git.reset` and `git.tag`. CVE-2021-3190
GHSA-6c3f-p5wp-34mh

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T17:27:50.673810+00:00 GithubOSV Importer Fixing VCID-zhnp-1cu9-qqgy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-6c3f-p5wp-34mh/GHSA-6c3f-p5wp-34mh.json 38.6.0
2026-06-04T17:26:43.305295+00:00 GithubOSV Importer Fixing VCID-89ub-wbsn-ayfa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-6qpr-9mc5-7gch/GHSA-6qpr-9mc5-7gch.json 38.6.0
2026-06-04T16:20:49.158242+00:00 GitLab Importer Fixing VCID-89ub-wbsn-ayfa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/async-git/CVE-2020-28490.yml 38.6.0
2026-06-04T16:20:45.283486+00:00 GitLab Importer Fixing VCID-zhnp-1cu9-qqgy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/async-git/CVE-2021-3190.yml 38.6.0