Git For Windows
Recent CVEs
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9274 | | High | 0.51 | 7.8 | 0.01 | | Nov 11, 2016 | Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. |
| CVE-2026-32631 | | High | 0.48 | 7.4 | 0.00 | | Apr 15, 2026 | Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by tricking users into cloning a malicious repository, or checking out a malicious… |
| CVE-2025-66413 | | High | 0.48 | 7.4 | 0.00 | | Mar 10, 2026 | Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.… |
| CVE-2022-41953 | | | 0.01 | — | 0.07 | | Jan 17, 2023 | Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically… |
| CVE-2023-29012 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git… |
| CVE-2023-29011 | | | 0.00 | — | 0.00 | | Apr 25, 2023 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config… |
| CVE-2023-25815 | | | 0.00 | — | 0.01 | | Apr 25, 2023 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's… |
| CVE-2023-22743 | | | 0.00 | — | 0.00 | | Feb 14, 2023 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading… |
| CVE-2023-23618 | | | 0.00 | — | 0.00 | | Feb 14, 2023 | Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when `gitk` is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick… |
| CVE-2022-31012 | | | 0.00 | — | 0.00 | | Jul 12, 2022 | Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for… |
| CVE-2022-24767 | | | 0.00 | — | 0.01 | | Apr 12, 2022 | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. |
| CVE-2022-24765 | | | 0.00 | — | 0.01 | | Apr 12, 2022 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be… |
| CVE-2021-46101 | | | 0.00 | — | 0.01 | | Jan 31, 2022 | In Git for Windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. |