VYPR
Vendor: Go Git

Products: 2
CVEs: 13
Across products: 13
Status: Private

Recent CVEs (13)
  • CVE-2026-45570 | Critical | May 27, 2026
    risk 0.55 | cvss 9.6 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A…

  • CVE-2026-44973 | High | May 28, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using ..) to escape intended base…

  • CVE-2026-45022 | High | May 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded…

  • CVE-2026-44740 | Medium | Jun 1, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues…

  • CVE-2026-45571 | Medium | May 27, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These…

  • CVE-2026-34165 | Medium | Mar 31, 2026
    risk 0.26 | cvss 5.0 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and…

  • CVE-2026-41506 | Medium | May 8, 2026
    risk 0.24 | cvss 4.7 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions…

  • CVE-2026-33762 | Low | Mar 31, 2026
    risk 0.11 | cvss 2.8 | epss 0.00

    go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file…

  • CVE-2026-25934 | Feb 9, 2026
    risk 0.00 | cvss (none listed) | epss 0.00

    go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted…

  • CVE-2025-21614 | Jan 6, 2025
    risk 0.00 | cvss (none listed) | epss 0.01

    go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted…

  • CVE-2025-21613 | Jan 6, 2025
    risk 0.00 | cvss (none listed) | epss 0.01

    go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack…

  • CVE-2023-49569 | Jan 12, 2024
    risk 0.00 | cvss (none listed) | epss 0.02

    A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they…

  • CVE-2023-49568 | Jan 12, 2024
    risk 0.00 | cvss (none listed) | epss 0.01

    A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. …