go-git improperly verifies data integrity values for .idx and .pack files
Description
go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/go-git/go-git/v5Go | < 5.16.5 | 5.16.5 |
Affected products
311- osv-coords310 versionspkg:apk/chainguard/amazon-ssm-agentpkg:apk/chainguard/amazon-ssm-agent-ecs-execpkg:apk/chainguard/amazon-ssm-agent-ecs-exec-fipspkg:apk/chainguard/amazon-ssm-agent-fipspkg:apk/chainguard/apkopkg:apk/chainguard/apko-fipspkg:apk/chainguard/argo-cd-2.13pkg:apk/chainguard/argo-cd-2.13-compatpkg:apk/chainguard/argo-cd-2.14pkg:apk/chainguard/argo-cd-2.14-compatpkg:apk/chainguard/argo-cd-3.0pkg:apk/chainguard/argo-cd-3.0-compatpkg:apk/chainguard/argo-cd-3.1pkg:apk/chainguard/argo-cd-3.1-compatpkg:apk/chainguard/argo-cd-3.2pkg:apk/chainguard/argo-cd-3.2-compatpkg:apk/chainguard/argo-cd-fips-3.0pkg:apk/chainguard/argo-cd-fips-3.0-compatpkg:apk/chainguard/argo-cd-fips-3.1pkg:apk/chainguard/argo-cd-fips-3.1-compatpkg:apk/chainguard/argo-cd-fips-3.2pkg:apk/chainguard/argo-cd-fips-3.2-compatpkg:apk/chainguard/argocd-image-updaterpkg:apk/chainguard/argocd-image-updater-fipspkg:apk/chainguard/argo-eventspkg:apk/chainguard/argo-events-fipspkg:apk/chainguard/argo-workflow-executor-3.6pkg:apk/chainguard/argo-workflow-executor-3.7pkg:apk/chainguard/argo-workflow-executor-fips-3.6pkg:apk/chainguard/argo-workflow-executor-fips-3.7pkg:apk/chainguard/argo-workflows-3.6pkg:apk/chainguard/argo-workflows-3.7pkg:apk/chainguard/argo-workflows-fips-3.6pkg:apk/chainguard/argo-workflows-fips-3.7pkg:apk/chainguard/bompkg:apk/chainguard/cerbospkg:apk/chainguard/cerbosctlpkg:apk/chainguard/cerbosctl-fipspkg:apk/chainguard/cerbos-fipspkg:apk/chainguard/cgpkg:apk/chainguard/chainctlpkg:apk/chainguard/chezmoipkg:apk/chainguard/cloudbeat-8.17pkg:apk/chainguard/cloudbeat-8.18pkg:apk/chainguard/cloudbeat-8.19pkg:apk/chainguard/cloudbeat-9.0pkg:apk/chainguard/cloudbeat-9.1pkg:apk/chainguard/cloudbeat-9.2pkg:apk/chainguard/cloudbeat-fips-8.17pkg:apk/chainguard/cloudbeat-fips-8.18pkg:apk/chainguard/cloudbeat-fips-8.19pkg:apk/chainguard/cloudbeat-fips-9.0pkg:apk/chainguard/cloudbeat-fips-9.1pkg:apk/chainguard/cloudbeat-fips-9.2pkg:apk/chainguard/crossplane-1.20-crankpkg:apk/chainguard/crossplane-2.0-crankpkg:apk/chainguard/crossplane-2.1-crankpkg:apk/chainguard/crossplane-fips-1.20-crankpkg:apk/chainguard/crossplane-fips-2.0-crankpkg:apk/chainguard/crossplane-fips-2.1-crankpkg:apk/chainguard/crossplane-fips-2.2-crankpkg:apk/chainguard/daggerpkg:apk/chainguard/external-secrets-operator-1.3pkg:apk/chainguard/flux-2.5pkg:apk/chainguard/flux-2.6pkg:apk/chainguard/flux-2.7pkg:apk/chainguard/flux-fips-2.5pkg:apk/chainguard/flux-fips-2.6pkg:apk/chainguard/flux-fips-2.7pkg:apk/chainguard/flux-image-automation-controllerpkg:apk/chainguard/flux-image-automation-controller-fipspkg:apk/chainguard/flux-kustomize-controllerpkg:apk/chainguard/flux-kustomize-controller-fipspkg:apk/chainguard/flux-operatorpkg:apk/chainguard/flux-source-controllerpkg:apk/chainguard/flux-source-controller-fipspkg:apk/chainguard/flux-source-watcherpkg:apk/chainguard/flux-source-watcher-fipspkg:apk/chainguard/gitaly-18.6pkg:apk/chainguard/gitaly-18.7pkg:apk/chainguard/gitaly-18.8pkg:apk/chainguard/gitaly-fips-18.6pkg:apk/chainguard/gitaly-fips-18.7pkg:apk/chainguard/gitaly-fips-18.8pkg:apk/chainguard/giteapkg:apk/chainguard/gitea-fipspkg:apk/chainguard/gitlab-rails-ce-18.1pkg:apk/chainguard/gitlab-rails-ce-18.3pkg:apk/chainguard/gitlab-rails-ce-18.4pkg:apk/chainguard/gitlab-rails-ce-18.5pkg:apk/chainguard/gitlab-rails-ce-18.6pkg:apk/chainguard/gitlab-rails-ce-18.7pkg:apk/chainguard/gitlab-rails-ce-18.8pkg:apk/chainguard/gitlab-rails-ce-fips-18.1pkg:apk/chainguard/gitlab-rails-ce-fips-18.3pkg:apk/chainguard/gitlab-rails-ce-fips-18.4pkg:apk/chainguard/gitlab-rails-ce-fips-18.5pkg:apk/chainguard/gitlab-rails-ce-fips-18.6pkg:apk/chainguard/gitlab-rails-ce-fips-18.7pkg:apk/chainguard/gitlab-rails-ce-fips-18.8pkg:apk/chainguard/gitlab-runner-18.6pkg:apk/chainguard/gitlab-runner-18.7pkg:apk/chainguard/gitlab-runner-18.8pkg:apk/chainguard/gitlab-runner-fips-18.6pkg:apk/chainguard/gitlab-runner-fips-18.7pkg:apk/chainguard/gitlab-runner-fips-18.8pkg:apk/chainguard/gitlab-runner-helper-18.6pkg:apk/chainguard/gitlab-runner-helper-18.7pkg:apk/chainguard/gitlab-runner-helper-18.8pkg:apk/chainguard/gitlab-runner-helper-fips-18.6pkg:apk/chainguard/gitlab-runner-helper-fips-18.7pkg:apk/chainguard/gitlab-runner-helper-fips-18.8pkg:apk/chainguard/gitsignpkg:apk/chainguard/gomplatepkg:apk/chainguard/gomplate-fipspkg:apk/chainguard/google-osconfig-agentpkg:apk/chainguard/goreleaserpkg:apk/chainguard/gptscriptpkg:apk/chainguard/grafana-12.1pkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-fipspkg:apk/chainguard/grafana-fips-12.1pkg:apk/chainguard/grypepkg:apk/chainguard/grype-dbpkg:apk/chainguard/grype-fipspkg:apk/chainguard/guacpkg:apk/chainguard/guacingestpkg:apk/chainguard/guaconepkg:apk/chainguard/k9spkg:apk/chainguard/k9s-fipspkg:apk/chainguard/kargopkg:apk/chainguard/kotspkg:apk/chainguard/kubescapepkg:apk/chainguard/kubevela-vela-clipkg:apk/chainguard/kubevela-vela-cli-fipspkg:apk/chainguard/kubevela-vela-corepkg:apk/chainguard/kubevela-vela-core-fipspkg:apk/chainguard/kyverno-cli-1.14pkg:apk/chainguard/kyverno-cli-1.15pkg:apk/chainguard/kyverno-cli-1.16pkg:apk/chainguard/kyverno-cli-fips-1.14pkg:apk/chainguard/kyverno-cli-fips-1.15pkg:apk/chainguard/kyverno-cli-fips-1.16pkg:apk/chainguard/livekit-clipkg:apk/chainguard/melangepkg:apk/chainguard/nemopkg:apk/chainguard/nfpmpkg:apk/chainguard/nucleipkg:apk/chainguard/osv-scannerpkg:apk/chainguard/packerpkg:apk/chainguard/packer-fipspkg:apk/chainguard/pulumipkg:apk/chainguard/pulumi-kubernetes-operatorpkg:apk/chainguard/pulumi-language-dotnetpkg:apk/chainguard/pulumi-language-gopkg:apk/chainguard/pulumi-language-javapkg:apk/chainguard/pulumi-language-nodejspkg:apk/chainguard/pulumi-language-pythonpkg:apk/chainguard/rancher-fleet-clipkg:apk/chainguard/rancher-fleet-cli-fipspkg:apk/chainguard/rancher-fleet-controllerpkg:apk/chainguard/rancher-fleet-controller-fipspkg:apk/chainguard/scorecardpkg:apk/chainguard/skaffoldpkg:apk/chainguard/skaffold-fipspkg:apk/chainguard/snyk-clipkg:apk/chainguard/src-fingerprintpkg:apk/chainguard/src-fingerprint-fipspkg:apk/chainguard/steampipepkg:apk/chainguard/syftpkg:apk/chainguard/syft-fipspkg:apk/chainguard/tekton-pipelines-resolvers-0.59pkg:apk/chainguard/tekton-pipelines-resolvers-0.62pkg:apk/chainguard/tekton-pipelines-resolvers-0.65pkg:apk/chainguard/tekton-pipelines-resolvers-0.68pkg:apk/chainguard/tekton-pipelines-resolvers-fips-0.59pkg:apk/chainguard/tekton-pipelines-resolvers-fips-0.62pkg:apk/chainguard/tekton-pipelines-resolvers-fips-0.65pkg:apk/chainguard/tekton-pipelines-resolvers-fips-0.68pkg:apk/chainguard/teleport-17pkg:apk/chainguard/teleport-18pkg:apk/chainguard/teleport-18.6pkg:apk/chainguard/tfsecpkg:apk/chainguard/timonipkg:apk/chainguard/trivypkg:apk/chainguard/trivy-fipspkg:apk/chainguard/trivy-operatorpkg:apk/chainguard/trivy-operator-fipspkg:apk/chainguard/trufflehogpkg:apk/chainguard/trufflehog-fipspkg:apk/chainguard/witnesspkg:apk/chainguard/wolfictlpkg:apk/chainguard/xeolpkg:apk/chainguard/xeol-fipspkg:apk/chainguard/zarfpkg:apk/chainguard/zotpkg:apk/wolfi/apkopkg:apk/wolfi/argo-cd-2.13pkg:apk/wolfi/argo-cd-2.13-compatpkg:apk/wolfi/argo-cd-2.14pkg:apk/wolfi/argo-cd-2.14-compatpkg:apk/wolfi/argo-cd-3.0pkg:apk/wolfi/argo-cd-3.0-compatpkg:apk/wolfi/argo-cd-3.1pkg:apk/wolfi/argo-cd-3.1-compatpkg:apk/wolfi/argo-cd-3.2pkg:apk/wolfi/argo-cd-3.2-compatpkg:apk/wolfi/argocd-image-updaterpkg:apk/wolfi/argo-eventspkg:apk/wolfi/argo-workflow-executor-3.7pkg:apk/wolfi/argo-workflows-3.7pkg:apk/wolfi/bompkg:apk/wolfi/cerbospkg:apk/wolfi/cerbosctlpkg:apk/wolfi/chezmoipkg:apk/wolfi/crossplane-2.1-crankpkg:apk/wolfi/daggerpkg:apk/wolfi/external-secrets-operator-1.3pkg:apk/wolfi/flux-2.5pkg:apk/wolfi/flux-2.6pkg:apk/wolfi/flux-2.7pkg:apk/wolfi/flux-image-automation-controllerpkg:apk/wolfi/flux-kustomize-controllerpkg:apk/wolfi/flux-operatorpkg:apk/wolfi/flux-source-controllerpkg:apk/wolfi/gitaly-18.6pkg:apk/wolfi/gitaly-18.7pkg:apk/wolfi/gitaly-18.8pkg:apk/wolfi/giteapkg:apk/wolfi/gitlab-runner-18.6pkg:apk/wolfi/gitlab-runner-18.7pkg:apk/wolfi/gitlab-runner-18.8pkg:apk/wolfi/gitlab-runner-helper-18.6pkg:apk/wolfi/gitlab-runner-helper-18.7pkg:apk/wolfi/gitlab-runner-helper-18.8pkg:apk/wolfi/gitsignpkg:apk/wolfi/gomplatepkg:apk/wolfi/goreleaserpkg:apk/wolfi/gptscriptpkg:apk/wolfi/grafana-12.1pkg:apk/wolfi/grafana-alloypkg:apk/wolfi/grypepkg:apk/wolfi/guacpkg:apk/wolfi/guacingestpkg:apk/wolfi/guaconepkg:apk/wolfi/k9spkg:apk/wolfi/kargopkg:apk/wolfi/kotspkg:apk/wolfi/kubescapepkg:apk/wolfi/kubevela-vela-clipkg:apk/wolfi/kubevela-vela-corepkg:apk/wolfi/kyverno-cli-1.14pkg:apk/wolfi/kyverno-cli-1.15pkg:apk/wolfi/kyverno-cli-1.16pkg:apk/wolfi/melangepkg:apk/wolfi/nfpmpkg:apk/wolfi/nucleipkg:apk/wolfi/osv-scannerpkg:apk/wolfi/pulumipkg:apk/wolfi/pulumi-kubernetes-operatorpkg:apk/wolfi/pulumi-language-dotnetpkg:apk/wolfi/pulumi-language-gopkg:apk/wolfi/pulumi-language-javapkg:apk/wolfi/pulumi-language-nodejspkg:apk/wolfi/pulumi-language-pythonpkg:apk/wolfi/rancher-fleet-clipkg:apk/wolfi/rancher-fleet-controllerpkg:apk/wolfi/scorecardpkg:apk/wolfi/skaffoldpkg:apk/wolfi/snyk-clipkg:apk/wolfi/src-fingerprintpkg:apk/wolfi/steampipepkg:apk/wolfi/syftpkg:apk/wolfi/teleport-17pkg:apk/wolfi/teleport-18pkg:apk/wolfi/teleport-18.6pkg:apk/wolfi/tfsecpkg:apk/wolfi/timonipkg:apk/wolfi/trivypkg:apk/wolfi/trivy-operatorpkg:apk/wolfi/trufflehogpkg:apk/wolfi/witnesspkg:apk/wolfi/wolfictlpkg:apk/wolfi/xeolpkg:apk/wolfi/zarfpkg:apk/wolfi/zotpkg:golang/github.com/go-git/go-git/v5pkg:rpm/opensuse/alloy&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/terraform-provider-local&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/terraform-provider-null&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/terraform-provider-random&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/terraform-provider-tls&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/trivy&distro=openSUSE%20Tumbleweedpkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/amazon-ssm-agent&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/terraform-provider-local&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/terraform-provider-local&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/terraform-provider-null&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/terraform-provider-null&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/terraform-provider-random&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/terraform-provider-random&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/terraform-provider-tls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP4pkg:rpm/suse/terraform-provider-tls&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5
< 3.3.3270.0-r5+ 309 more
- (no CPE)range: < 3.3.3270.0-r5
- (no CPE)range: < 3.3.3270.0-r5
- (no CPE)range: < 3.3.3270.0-r6
- (no CPE)range: < 3.3.3270.0-r6
- (no CPE)range: < 1.1.6-r1
- (no CPE)range: < 1.1.6-r1
- (no CPE)range: < 2.13.9-r8
- (no CPE)range: < 2.13.9-r8
- (no CPE)range: < 2.14.21-r8
- (no CPE)range: < 2.14.21-r8
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.1.12-r3
- (no CPE)range: < 3.1.12-r3
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.1.12-r2
- (no CPE)range: < 3.1.12-r2
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 1.1.0-r1
- (no CPE)range: < 1.1.0-r2
- (no CPE)range: < 1.9.10-r3
- (no CPE)range: < 1.9.10-r2
- (no CPE)range: < 3.6.19-r1
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 3.6.18-r3
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 3.6.19-r1
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 3.6.18-r3
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 0.7.1-r6
- (no CPE)range: < 0.51.0-r2
- (no CPE)range: < 0.51.0-r2
- (no CPE)range: < 0.51.0-r1
- (no CPE)range: < 0.51.0-r1
- (no CPE)range: < 0.2.203-r0
- (no CPE)range: < 0.2.206-r0
- (no CPE)range: < 2.69.3-r2
- (no CPE)range: < 8.17.10-r7
- (no CPE)range: < 8.18.8-r8
- (no CPE)range: < 8.19.11-r1
- (no CPE)range: < 9.0.8-r7
- (no CPE)range: < 9.1.10-r2
- (no CPE)range: < 9.2.5-r2
- (no CPE)range: < 8.17.10-r9
- (no CPE)range: < 8.18.8-r8
- (no CPE)range: < 8.19.11-r1
- (no CPE)range: < 9.0.8-r7
- (no CPE)range: < 9.1.10-r2
- (no CPE)range: < 9.2.5-r2
- (no CPE)range: < 1.20.5-r2
- (no CPE)range: < 2.0.7-r2
- (no CPE)range: < 2.1.4-r2
- (no CPE)range: < 1.20.5-r2
- (no CPE)range: < 2.0.7-r2
- (no CPE)range: < 2.1.4-r2
- (no CPE)range: < 2.2.0-r1
- (no CPE)range: < 0.19.11-r1
- (no CPE)range: < 1.3.2-r1
- (no CPE)range: < 2.5.1-r20
- (no CPE)range: < 2.6.4-r12
- (no CPE)range: < 2.7.5-r6
- (no CPE)range: < 2.5.1-r17
- (no CPE)range: < 2.6.4-r11
- (no CPE)range: < 2.7.5-r5
- (no CPE)range: < 1.0.4-r6
- (no CPE)range: < 1.0.4-r6
- (no CPE)range: < 1.7.3-r6
- (no CPE)range: < 1.7.3-r4
- (no CPE)range: < 0.41.0-r0
- (no CPE)range: < 1.7.4-r8
- (no CPE)range: < 1.7.4-r7
- (no CPE)range: < 2.0.3-r4
- (no CPE)range: < 2.0.3-r3
- (no CPE)range: < 18.6.6-r1
- (no CPE)range: < 18.7.4-r1
- (no CPE)range: < 18.8.4-r1
- (no CPE)range: < 18.6.5-r1
- (no CPE)range: < 18.7.4-r1
- (no CPE)range: < 18.8.4-r2
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 1.25.4-r1
- (no CPE)range: < 18.1.6-r8
- (no CPE)range: < 18.3.6-r4
- (no CPE)range: < 18.4.6-r2
- (no CPE)range: < 18.5.5-r1
- (no CPE)range: < 18.6.6-r2
- (no CPE)range: < 18.7.4-r2
- (no CPE)range: < 18.8.4-r1
- (no CPE)range: < 18.1.6-r8
- (no CPE)range: < 18.3.6-r5
- (no CPE)range: < 18.4.6-r4
- (no CPE)range: < 18.5.5-r2
- (no CPE)range: < 18.6.6-r1
- (no CPE)range: < 18.7.4-r1
- (no CPE)range: < 18.8.4-r1
- (no CPE)range: < 18.6.6-r2
- (no CPE)range: < 18.7.2-r3
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 18.6.6-r3
- (no CPE)range: < 18.7.2-r4
- (no CPE)range: < 18.8.0-r2
- (no CPE)range: < 18.6.6-r2
- (no CPE)range: < 18.7.2-r3
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 18.6.6-r3
- (no CPE)range: < 18.7.2-r4
- (no CPE)range: < 18.8.0-r2
- (no CPE)range: < 0.14.0-r3
- (no CPE)range: < 5.0.0-r3
- (no CPE)range: < 5.0.0-r2
- (no CPE)range: < 20251028.00-r6
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 0.9.8-r4
- (no CPE)range: < 12.1.8-r1
- (no CPE)range: < 1.13.1-r0
- (no CPE)range: < 1.13.1-r0
- (no CPE)range: < 12.1.7-r1
- (no CPE)range: < 0.108.0-r0
- (no CPE)range: < 0.51.0-r1
- (no CPE)range: < 0.108.0-r0
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 0.50.18-r3
- (no CPE)range: < 0.50.18-r3
- (no CPE)range: < 1.9.3-r1
- (no CPE)range: < 1.129.3-r2
- (no CPE)range: < 4.0.0-r1
- (no CPE)range: < 1.10.6-r3
- (no CPE)range: < 1.10.6-r2
- (no CPE)range: < 1.10.6-r3
- (no CPE)range: < 1.10.6-r2
- (no CPE)range: < 1.14.5-r7
- (no CPE)range: < 1.15.3-r2
- (no CPE)range: < 1.16.3-r4
- (no CPE)range: < 1.14.5-r7
- (no CPE)range: < 1.15.3-r2
- (no CPE)range: < 1.16.3-r4
- (no CPE)range: < 2.13.2-r1
- (no CPE)range: < 0.41.1-r1
- (no CPE)range: < 2.6.2-r2
- (no CPE)range: < 2.45.0-r2
- (no CPE)range: < 3.7.0-r2
- (no CPE)range: < 2.3.2-r4
- (no CPE)range: < 1.15.0-r1
- (no CPE)range: < 1.15.0-r2
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 1.16.0-r26
- (no CPE)range: < 3.101.0-r0
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 1.21.0-r2
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r2
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r2
- (no CPE)range: < 5.4.0-r6
- (no CPE)range: < 2.17.1-r6
- (no CPE)range: < 2.17.1-r3
- (no CPE)range: < 1.1302.1-r3
- (no CPE)range: < 0.19.0-r39
- (no CPE)range: < 0.19.0-r25
- (no CPE)range: < 2.3.5-r1
- (no CPE)range: < 1.42.0-r0
- (no CPE)range: < 1.42.0-r0
- (no CPE)range: < 0.59.6-r14
- (no CPE)range: < 0.62.9-r14
- (no CPE)range: < 0.65.7-r13
- (no CPE)range: < 0.68.1-r11
- (no CPE)range: < 0.59.6-r14
- (no CPE)range: < 0.62.9-r14
- (no CPE)range: < 0.65.7-r14
- (no CPE)range: < 0.68.1-r13
- (no CPE)range: < 17.7.19-r1
- (no CPE)range: < 18.6.7-r1
- (no CPE)range: < 18.6.8-r4
- (no CPE)range: < 1.28.14-r12
- (no CPE)range: < 0.25.2-r6
- (no CPE)range: < 0.69.1-r1
- (no CPE)range: < 0.69.1-r1
- (no CPE)range: < 0.29.0-r10
- (no CPE)range: < 0.29.0-r10
- (no CPE)range: < 3.93.2-r1
- (no CPE)range: < 3.93.1-r1
- (no CPE)range: < 0.10.2-r6
- (no CPE)range: < 0.39.0-r3
- (no CPE)range: < 0.10.8-r23
- (no CPE)range: < 0.10.8-r22
- (no CPE)range: < 0.71.1-r1
- (no CPE)range: < 2.1.14-r3
- (no CPE)range: < 1.1.6-r1
- (no CPE)range: < 2.13.9-r8
- (no CPE)range: < 2.13.9-r8
- (no CPE)range: < 2.14.21-r8
- (no CPE)range: < 2.14.21-r8
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.0.23-r2
- (no CPE)range: < 3.1.12-r3
- (no CPE)range: < 3.1.12-r3
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 3.2.6-r3
- (no CPE)range: < 1.1.0-r1
- (no CPE)range: < 1.9.10-r3
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 3.7.10-r0
- (no CPE)range: < 0.7.1-r6
- (no CPE)range: < 0.51.0-r2
- (no CPE)range: < 0.51.0-r2
- (no CPE)range: < 2.69.3-r2
- (no CPE)range: < 2.1.4-r2
- (no CPE)range: < 0.19.11-r1
- (no CPE)range: < 1.3.2-r1
- (no CPE)range: < 2.5.1-r20
- (no CPE)range: < 2.6.4-r12
- (no CPE)range: < 2.7.5-r6
- (no CPE)range: < 1.0.4-r6
- (no CPE)range: < 1.7.3-r6
- (no CPE)range: < 0.41.0-r0
- (no CPE)range: < 1.7.4-r8
- (no CPE)range: < 18.6.6-r1
- (no CPE)range: < 18.7.4-r1
- (no CPE)range: < 18.8.4-r1
- (no CPE)range: < 1.25.4-r2
- (no CPE)range: < 18.6.6-r2
- (no CPE)range: < 18.7.2-r3
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 18.6.6-r2
- (no CPE)range: < 18.7.2-r3
- (no CPE)range: < 18.8.0-r1
- (no CPE)range: < 0.14.0-r3
- (no CPE)range: < 5.0.0-r3
- (no CPE)range: < 2.14.0-r0
- (no CPE)range: < 0.9.8-r4
- (no CPE)range: < 12.1.8-r1
- (no CPE)range: < 1.13.1-r0
- (no CPE)range: < 0.108.0-r0
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 1.0.1-r6
- (no CPE)range: < 0.50.18-r3
- (no CPE)range: < 1.9.3-r1
- (no CPE)range: < 1.129.3-r2
- (no CPE)range: < 4.0.0-r1
- (no CPE)range: < 1.10.6-r3
- (no CPE)range: < 1.10.6-r3
- (no CPE)range: < 1.14.5-r7
- (no CPE)range: < 1.15.3-r2
- (no CPE)range: < 1.16.3-r4
- (no CPE)range: < 0.41.1-r1
- (no CPE)range: < 2.45.0-r2
- (no CPE)range: < 3.7.0-r2
- (no CPE)range: < 2.3.2-r4
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 1.16.0-r26
- (no CPE)range: < 3.101.0-r0
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 1.21.0-r2
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 3.220.0-r0
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 0.14.2-r3
- (no CPE)range: < 5.4.0-r6
- (no CPE)range: < 2.17.1-r6
- (no CPE)range: < 1.1302.1-r3
- (no CPE)range: < 0.19.0-r39
- (no CPE)range: < 2.3.5-r1
- (no CPE)range: < 1.42.0-r0
- (no CPE)range: < 17.7.19-r1
- (no CPE)range: < 18.6.7-r1
- (no CPE)range: < 18.6.8-r4
- (no CPE)range: < 1.28.14-r12
- (no CPE)range: < 0.25.2-r6
- (no CPE)range: < 0.69.1-r1
- (no CPE)range: < 0.29.0-r10
- (no CPE)range: < 3.93.2-r1
- (no CPE)range: < 0.10.2-r6
- (no CPE)range: < 0.39.0-r3
- (no CPE)range: < 0.10.8-r23
- (no CPE)range: < 0.71.1-r1
- (no CPE)range: < 2.1.14-r3
- (no CPE)range: < 5.16.5
- (no CPE)range: < 1.15.1-1.1
- (no CPE)range: < 0.0.20260226T182644-150000.1.149.1
- (no CPE)range: < 2.0.0-150200.6.8.1
- (no CPE)range: < 3.0.0-150200.6.12.1
- (no CPE)range: < 3.0.0-150200.6.6.2
- (no CPE)range: < 3.0.0-150200.5.6.2
- (no CPE)range: < 0.70.0-1.1
- (no CPE)range: < 1.16.1-150700.15.20.1
- (no CPE)range: < 3.3.4624.0-4.49.1
- (no CPE)range: < 3.3.4624.0-150000.5.37.1
- (no CPE)range: < 3.3.4624.0-150000.5.37.1
- (no CPE)range: < 3.3.4624.0-150000.5.37.1
- (no CPE)range: < 3.3.4624.0-150000.5.37.1
- (no CPE)range: < 3.3.4624.0-160000.1.1
- (no CPE)range: < 3.3.4624.0-160000.1.1
- (no CPE)range: < 2.0.0-150200.6.8.1
- (no CPE)range: < 2.0.0-150200.6.8.1
- (no CPE)range: < 3.0.0-150200.6.12.1
- (no CPE)range: < 3.0.0-150200.6.12.1
- (no CPE)range: < 3.0.0-150200.6.6.2
- (no CPE)range: < 3.0.0-150200.6.6.2
- (no CPE)range: < 3.0.0-150200.5.6.2
- (no CPE)range: < 3.0.0-150200.5.6.2
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-37cx-329c-33x3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-25934ghsaADVISORY
- github.com/go-git/go-git/releases/tag/v5.16.5ghsax_refsource_MISCWEB
- github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.