VYPR

Go modules package

github.com/go-git/go-billy/v6

pkg:golang/github.com/go-git/go-billy/v6

Vulnerabilities (2)

  • CVE-2026-44740MedJun 1, 2026
    affected < 6.0.0-alpha.1fixed 6.0.0-alpha.1

    Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise

  • CVE-2026-44973HigMay 28, 2026
    affected < 6.0.0-alpha.1fixed 6.0.0-alpha.1

    Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base directories.