VYPR

Git, by Git
Category: Source repositories

CVEs (58)

  • CVE-2017-1000117 | High | Oct 5, 2017
    risk 0.66 | CVSS 8.8 | EPSS 0.78

    A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an…

  • CVE-2015-7545 | Critical | Apr 13, 2016
    risk 0.65 | CVSS 9.8 | EPSS 0.20

    The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in…

  • CVE-2017-14867 | High | Sep 29, 2017
    risk 0.60 | CVSS 8.8 | EPSS 0.36

    Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The…

  • CVE-2016-2324 | Critical | Apr 8, 2016
    risk 0.58 | CVSS 9.8 | EPSS 0.19

    Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

  • CVE-2016-2315 | Critical | Apr 8, 2016
    risk 0.58 | CVSS 9.8 | EPSS 0.18

    revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

  • CVE-2025-46334 | High | Jul 10, 2025
    risk 0.56 | CVSS 8.6 | EPSS 0.00

    Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an…

  • CVE-2025-46835 | High | Jul 10, 2025
    risk 0.55 | CVSS 8.5 | EPSS 0.00

    Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user…

  • CVE-2018-11235 | High | May 30, 2018
    risk 0.55 | CVSS 7.8 | EPSS 0.49

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone…

  • CVE-2014-9938 | High | Mar 20, 2017
    risk 0.50 | CVSS 8.8 | EPSS 0.02

    contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

  • CVE-2025-27614 | High | Jul 10, 2025
    risk 0.49 | CVSS 8.6 | EPSS 0.00

    Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the…

  • CVE-2025-48385 | High | Jul 8, 2025
    risk 0.49 | CVSS not listed | EPSS 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows…

  • CVE-2018-11233 | High | May 30, 2018
    risk 0.49 | CVSS 7.5 | EPSS 0.04

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

  • CVE-2025-66413 | High | Mar 10, 2026
    risk 0.48 | CVSS 7.4 | EPSS 0.00

    Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.…

  • CVE-2017-15298 | Medium | Oct 14, 2017
    risk 0.36 | CVSS 5.5 | EPSS 0.02

    Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not…

  • CVE-2025-48386 | Medium | Jul 8, 2025
    risk 0.34 | CVSS 6.3 | EPSS 0.00

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against…

  • CVE-2018-1000021 | Medium | Feb 9, 2018
    risk 0.33 | CVSS 5.0 | EPSS 0.01

    GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appears to be exploitable via The user must interact with a malicious git server, (or have their…

  • CVE-2025-27613 | Low | Jul 10, 2025
    risk 0.23 | CVSS 3.6 | EPSS 0.00

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must…

  • CVE-2025-48384 | KEV (CISA Known Exploited Vulnerabilities catalog) | Jul 8, 2025
    risk 0.12 | CVSS not listed | EPSS 0.03

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config…

  • CVE-2018-17456 | Critical | Oct 6, 2018
    risk 0.11 | CVSS 9.8 | EPSS 0.97

    Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a…

  • CVE-2021-21300 | (no severity listed) | Mar 9, 2021
    risk 0.10 | CVSS not listed | EPSS 0.89

    Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a…
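
Five of the advisories listed above (CVE-2017-1000117, CVE-2015-7545, CVE-2018-11235, CVE-2025-48384 and CVE-2018-17456) turn on the shape of a submodule URL, name or path in .gitmodules. The following is an added example, not Git's own code and not part of this listing: a stand-alone Python checker that parses a .gitmodules file without stripping a trailing carriage return (which is exactly what Git does strip, per CVE-2025-48384) and flags each of those shapes. The sample .gitmodules text is constructed for the example and SAFE_SCHEMES is an assumed local policy; the rule names are this example's own. It is a review-time check for repositories you are about to clone or mirror, not a substitute for running a patched Git.

```python
"""Scan a .gitmodules file for the URL and path shapes behind several Git CVEs.

Added example, not Git's own code. The sample .gitmodules text below is
constructed for this example; SAFE_SCHEMES is an assumed local policy.
"""
from __future__ import annotations

import sys
from dataclasses import dataclass

# Constructed sample: one benign entry plus one entry per pattern of interest.
SAMPLE_GITMODULES = (
    '[submodule "ok"]\n'
    '\tpath = vendor/ok\n'
    '\turl = https://example.org/ok.git\n'
    '[submodule "dash"]\n'
    '\tpath = vendor/dash\n'
    '\turl = -u./payload\n'                             # URL starting with '-' (CVE-2018-17456 shape)
    '[submodule "sshhost"]\n'
    '\tpath = vendor/sshhost\n'
    '\turl = ssh://-oProxyCommand=some-command/repo\n'  # ssh host starting with '-' (CVE-2017-1000117 shape)
    '[submodule "ext"]\n'
    '\tpath = vendor/ext\n'
    '\turl = ext::sh -c some-command\n'                 # remote-helper scheme (CVE-2015-7545 shape)
    '[submodule "../../.git/hooks"]\n'                  # name escaping .git/modules (CVE-2018-11235 shape)
    '\tpath = vendor/hooks\n'
    '\turl = https://example.org/hooks.git\n'
    '[submodule "cr"]\n'
    '\tpath = vendor/cr\r\n'                            # trailing CR in a value (CVE-2025-48384 shape)
    '\turl = https://example.org/cr.git\n'
)

SAFE_SCHEMES = {"https", "ssh", "git"}  # assumption: the schemes this policy permits


@dataclass(frozen=True)
class Finding:
    submodule: str
    rule: str
    value: str


def parse_gitmodules(text: str) -> dict[str, dict[str, str]]:
    """Minimal parse that keeps raw values; unlike Git it does not strip a trailing CR."""
    sections: dict[str, dict[str, str]] = {}
    current: str | None = None
    for line in text.split("\n"):  # split on LF only so a stray CR stays in the value
        stripped = line.strip(" \t")
        if not stripped or stripped[0] in "#;":
            continue
        if stripped.startswith('[submodule "') and stripped.endswith('"]'):
            current = stripped[len('[submodule "'):-2]
            sections[current] = {}
            continue
        if current is None or "=" not in stripped:
            continue
        key, _, value = stripped.partition("=")
        sections[current][key.strip(" \t").lower()] = value.lstrip(" \t")
    return sections


def scheme_of(url: str) -> str:
    """Scheme as Git would see it: explicit, remote helper (<helper>::), scp-like, or local."""
    if "://" in url:
        return url.split("://", 1)[0].lower()
    if "::" in url:
        return url.split("::", 1)[0].lower()
    return "ssh" if ":" in url else "file"


def host_of(url: str) -> str | None:
    """Host of scheme://[user@]host[:port]/... or user@host:path; None when there is none."""
    if "://" in url:
        authority = url.split("://", 1)[1].split("/", 1)[0]
    elif "::" in url or ":" not in url:
        return None
    else:
        authority = url.split(":", 1)[0]
    return authority.rsplit("@", 1)[-1].split(":", 1)[0]


def has_dotdot(p: str) -> bool:
    return ".." in p.replace("\\", "/").split("/")


def scan(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for name, entry in parse_gitmodules(text).items():
        path, url = entry.get("path", ""), entry.get("url", "")
        for key, value in (("name", name), ("path", path), ("url", url)):
            # Git strips trailing CR/LF on read, so the path it checks out differs from
            # what the file says; treat any control character in a value as hostile.
            if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
                findings.append(Finding(name, f"control-character-in-{key}", value))
        if has_dotdot(name) or has_dotdot(path):
            findings.append(Finding(name, "dotdot-traversal", name if has_dotdot(name) else path))
        if not url:
            continue
        if url.startswith("-"):
            findings.append(Finding(name, "url-leading-dash", url))       # read as an option downstream
        elif scheme_of(url) not in SAFE_SCHEMES:
            findings.append(Finding(name, "disallowed-scheme", url))      # e.g. ext:: runs a command
        elif (host := host_of(url)) is not None and host.startswith("-"):
            findings.append(Finding(name, "host-leading-dash", url))      # ssh would parse it as an option
    return findings


if __name__ == "__main__":
    # newline="" keeps any CR bytes intact instead of translating them
    source = open(sys.argv[1], newline="").read() if len(sys.argv) > 1 else SAMPLE_GITMODULES
    for f in scan(source):
        print(f"{f.rule:28} submodule={f.submodule!r} value={f.value!r}")
```

Run it as `python scan_gitmodules.py path/to/.gitmodules` (the file name is assumed); with no argument it scans the constructed sample and reports one finding for each of the five malicious entries. The scheme rule is a static stand-in for Git's own runtime control, the `protocol.allow` and `protocol.<name>.allow` settings, which is the mechanism that closed CVE-2015-7545; the other rules mirror checks that patched Git versions perform at clone time.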

Page 1 of 3