Where
-Infinity
0

Trending

Last week
Last month
Last year

git: 2 vulnerabilities fixed

First published (updated )
https://seclists.org/oss-sec/2025/q1/30

Git gitGit is a source code management tool. When cloning from a server (or fetching, or pushing), informat…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2338289

Pagure PagureAn argument injection on Git during retrieval of repository history leads to remote code execution o…

Risk 79
First published (updated )
REDHAT-BUG-2315805

redhat/gitGit's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Risk 84
Severity
9.1
First published (updated )
CVE-2024-32002

git-scm GitArbitrary configuration injection via `git submodule deinit`

Risk 72
Severity
7.8
First published (updated )
CVE-2023-29007
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

git-scm Git"git apply --reject" partially-controlled arbitrary file write

Risk 46
Severity
7.5
First published (updated )
CVE-2023-25652

git-scm GitGit vulnerable to local clone-based data exfiltration with non-local transports

Risk 33
Severity
5.5
First published (updated )
CVE-2023-22490

Git gitBy feeding a crafted input to "git apply", a path outside the working tree can be overwritten as the…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2168161

Git gitUsing a specially-crafted repository, Git can be tricked into using its local clone optimization eve…

Risk 19
Severity
4
First published (updated )
REDHAT-BUG-2168160

git-scm GitGit's `git apply` overwriting paths outside the working tree

Risk 45
Severity
7.5
First published (updated )
CVE-2023-23946
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

git-scm GitGit clone remote code execution vulnerability in git-for-windows

Risk 70
Severity
8.6
First published (updated )
CVE-2022-41953

git-scm Gitgitattributes parsing integer overflow in git

Risk 89
Severity
9.8
First published (updated )
CVE-2022-23521

git-scm GitInteger overflow in `git archive`, `git log --format` leading to RCE in git

Risk 89
Severity
9.8
First published (updated )
CVE-2022-41903

redhat/gitGit subject to exposure of sensitive information via local clone of symbolic links

Risk 34
Severity
5.5
First published (updated )
CVE-2022-39253

redhat/gitGit vulnerable to Remote Code Execution via Heap overflow in `git shell`

Risk 81
Severity
8.8
First published (updated )
CVE-2022-39260
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

redhat/gitBypass of safe.directory protections in Git

Risk 73
Severity
7.8
First published (updated )
CVE-2022-29187

Fedoraproject FedoraCommand Injection

Risk 88
Severity
9.8
First published (updated )
CVE-2022-25648

Git Project Git Node.jsRemote Code Execution (RCE)

Risk 86
Severity
9.8
First published (updated )
CVE-2021-23632

git-scm GitThe --mirror documentation for Git through 2.35.1 does not mention the availability of deleted conte…

Risk 43
Severity
7.5
First published (updated )
CVE-2022-24975

git-scm Gitgit_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline char…

Risk 43
Severity
7.5
First published (updated )
CVE-2021-40330
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

git-scm Gitmalicious repositories can execute remote code while cloning

Risk 59
Severity
8
First published (updated )
CVE-2021-21300

git-scm GitMalicious URLs can still cause Git to send a stored credential to the wrong server

Risk 45
Severity
7.5
First published (updated )
CVE-2020-11008

git-scm GitInput Validation

Risk 89
Severity
9.8
First published (updated )
CVE-2014-9390

git-scm GitAn issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.1…

Risk 86
Severity
9.8
First published (updated )
CVE-2019-1353

git-scm GitDependency Update

Risk 79
Severity
9.3
First published (updated )
CVE-2019-19604
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

git-scm GitRecursive clones are currently affected by a vulnerability that is caused by too-lax validation of s…

Risk 77
Severity
8.8
First published (updated )
CVE-2019-1387

git-scm GitInput Validation

Risk 25
Severity
3.6
First published (updated )
CVE-2019-1348

git-scm GitInput Validation

Risk 77
Severity
8.8
First published (updated )
CVE-2018-1000021

git-scm GitA flaw was found in the way the Git client handles "ssh://" URLs. A maliciously crafted "ssh://" URL…

Risk 77
Severity
8.8
First published (updated )
CVE-2017-1000117

redhat/gitcontrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 varia…

Risk 77
Severity
8.8
First published (updated )
CVE-2014-9938
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203