naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github-todos(npm) | 0 | N/A | N/A |
CVSS Metrics
