Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git git vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
Git-clone Project Git-clone
NA
CVE-2022-25912
The package simple-git prior to 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-...
Simple-git Project Simple-git
668
VMScore
CVE-2022-24066
The package simple-git prior to 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of gi...
Simple-git Project Simple-git
605
VMScore
CVE-2017-12976
git-annex prior to 6.20170818 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-20...
Git-annex Project Git-annex
NA
CVE-2023-49568
A denial of service (DoS) vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Appl...
Go-git Project Go-git
NA
CVE-2023-49569
A path traversal vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are us...
Go-git Project Go-git
1 Github repository
409
VMScore
CVE-2017-1000451
fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it...
Fs-git Project Fs-git
668
VMScore
CVE-2021-28955
git-bug prior to 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
Git-bug Project Git-bug
668
VMScore
CVE-2021-3190
The async-git package prior to 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
Async-git Project Async-git
NA
CVE-2020-28422
All versions of package git-archive are vulnerable to Command Injection via the exports function.
Git-archive Project Git-archive
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »