Renovate vulnerable to arbitrary command injection via hermit manager and maliciously named dependencies

Moderate severity GitHub Reviewed Published Jan 13, 2026 in renovatebot/renovate • Updated Jan 13, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts