VYPR

Vendor CVEs

Git

All CVEs

60 total · sorted by risk
  • CVE-2017-1000117HigOct 5, 2017
    risk 0.66cvss 8.8epss 0.78

    A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an…

  • CVE-2015-7545CriApr 13, 2016
    risk 0.65cvss 9.8epss 0.20

    The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in…

  • CVE-2017-14867HigSep 29, 2017
    risk 0.60cvss 8.8epss 0.36

    Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The…

  • CVE-2017-8386HigJun 1, 2017
    risk 0.58cvss 8.8epss 0.12

    git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository…

  • CVE-2016-2324CriApr 8, 2016
    risk 0.58cvss 9.8epss 0.19

    Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.

  • CVE-2016-2315CriApr 8, 2016
    risk 0.58cvss 9.8epss 0.18

    revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.

  • CVE-2025-46334HigJul 10, 2025
    risk 0.56cvss 8.6epss 0.00

    Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an…

  • CVE-2025-46835HigJul 10, 2025
    risk 0.55cvss 8.5epss 0.00

    Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user…

  • CVE-2018-11235HigMay 30, 2018
    risk 0.55cvss 7.8epss 0.49

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone…

  • CVE-2016-9274HigNov 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.

  • CVE-2014-9938HigMar 20, 2017
    risk 0.50cvss 8.8epss 0.02

    contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

  • CVE-2025-27614HigJul 10, 2025
    risk 0.49cvss 8.6epss 0.00

    Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the…

  • CVE-2025-48385HigJul 8, 2025
    risk 0.49cvss epss 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git knows to optionally fetch a bundle advertised by the remote server, which allows…

  • CVE-2018-11233HigMay 30, 2018
    risk 0.49cvss 7.5epss 0.04

    In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.

  • CVE-2025-66413HigMar 10, 2026
    risk 0.48cvss 7.4epss 0.00

    Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into cloning from a malicious server. Since NTLM hashing is weak, it is possible for the attacker to brute-force the user's account name and password.…

  • CVE-2017-15298MedOct 14, 2017
    risk 0.36cvss 5.5epss 0.02

    Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not…

  • CVE-2025-48386MedJul 8, 2025
    risk 0.34cvss 6.3epss 0.00

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against…

  • CVE-2018-1000021MedFeb 9, 2018
    risk 0.33cvss 5.0epss 0.01

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their…

  • CVE-2025-27613LowJul 10, 2025
    risk 0.23cvss 3.6epss 0.00

    Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which the user has write permission can be created and truncated. The option Support per-file encoding must…

  • CVE-2025-48384KEVJul 8, 2025
    risk 0.12cvss epss 0.03

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config…

  • CVE-2018-17456CriOct 6, 2018
    risk 0.11cvss 9.8epss 0.97

    Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a…

  • CVE-2021-21300Mar 9, 2021
    risk 0.10cvss epss 0.89

    Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a…

  • CVE-2022-23521Jan 17, 2023
    risk 0.05cvss epss 0.56

    Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for…

  • CVE-2023-25652Apr 25, 2023
    risk 0.04cvss epss 0.52

    Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially…

  • CVE-2022-41903Jan 17, 2023
    risk 0.04cvss epss 0.44

    Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer…

  • CVE-2008-5517Jan 13, 2009
    risk 0.04cvss epss 0.12

    The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.

  • CVE-2010-3906Dec 17, 2010
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.

  • CVE-2009-2108Jun 18, 2009
    risk 0.03cvss epss 0.06

    git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments.

  • CVE-2024-32002May 14, 2024
    risk 0.02cvss epss 0.25

    Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into…

  • CVE-2024-52005Jan 15, 2025
    risk 0.00cvss epss 0.00

    Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed…

  • CVE-2024-50349Jan 14, 2025
    risk 0.00cvss epss 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out…

  • CVE-2024-52006Jan 14, 2025
    risk 0.00cvss epss 0.01

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers.…

  • CVE-2024-32465May 14, 2024
    risk 0.00cvss epss 0.01

    Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source…

  • CVE-2024-32021May 14, 2024
    risk 0.00cvss epss 0.01

    Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as…

  • CVE-2024-32020May 14, 2024
    risk 0.00cvss epss 0.01

    Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source…

  • CVE-2024-32004May 14, 2024
    risk 0.00cvss epss 0.01

    Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions…

  • CVE-2023-29007Apr 25, 2023
    risk 0.00cvss epss 0.06

    Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in…

  • CVE-2023-23946Feb 14, 2023
    risk 0.00cvss epss 0.01

    Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is…

  • CVE-2023-22490Feb 14, 2023
    risk 0.00cvss epss 0.01

    Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though…

  • CVE-2022-39260Oct 19, 2022
    risk 0.00cvss epss 0.03

    Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the…

  • CVE-2022-39253Oct 19, 2022
    risk 0.00cvss epss 0.01

    Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and…

  • CVE-2022-29187Jul 12, 2022
    risk 0.00cvss epss 0.00

    Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765,…

  • CVE-2022-25648Apr 19, 2022
    risk 0.00cvss epss 0.05

    The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that additional flags can be set. The additional flags…

  • CVE-2021-23632Mar 17, 2022
    risk 0.00cvss epss 0.02

    All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js…

  • CVE-2022-24975Feb 11, 2022
    risk 0.00cvss epss 0.03

    The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. Note: This has…

  • CVE-2021-40330Aug 31, 2021
    risk 0.00cvss epss 0.03

    git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.

  • CVE-2020-11008Apr 21, 2020
    risk 0.00cvss epss 0.04

    Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_…

  • CVE-2020-5260Apr 14, 2020
    risk 0.00cvss epss 0.10

    Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the…

  • CVE-2019-1348Jan 24, 2020
    risk 0.00cvss epss 0.00

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting…

  • CVE-2019-1353Jan 24, 2020
    risk 0.00cvss epss 0.02

    An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none…

Page 1 of 2