Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-10857
git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN.
Git-annex Project Git-annex -
Debian Debian Linux 8.0
7.8
CVSSv3
CVE-2021-21237
Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program would be executed, permitting the malicious user to execute arbitrary code. This ...
Git Large File Storage Project Git Large File Storage
9.8
CVSSv3
CVE-2021-32673
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote malicious users to execute of arbitrary commands. Upgrade to version 0.10.16 or later to reso...
Reg-keygen-git-hash Project Reg-keygen-git-hash
8.8
CVSSv3
CVE-2017-17831
GitHub Git LFS prior to 2.1.1 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Git Large File Storage Project Git Large File Storage
9.8
CVSSv3
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
Git Large File Storage Project Git Large File Storage 2.12.0
21 Github repositories
8
CVSSv3
CVE-2022-47318
ruby-git versions prior to v1.13.0 allows a remote authenticated malicious user to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
Fedoraproject Fedora 37
2.2
CVSSv3
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's ...
Git For Windows Project Git For Windows
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.8
CVSSv3
CVE-2022-24767
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.
Microsoft Visual Studio 2022
Microsoft Visual Studio 2017
Microsoft Visual Studio 2019
Git For Windows Project Git For Windows
5.5
CVSSv3
CVE-2013-1425
ldap-git-backup prior to 1.0.4 exposes password hashes due to incorrect directory permissions.
Ldap Git Backup Project Ldap Git Backup
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provide...
Git Git
Git-scm Git
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Opensuse Leap 15.1
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »