Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-5260
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provide...
Git Git
Git-scm Git
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Fedoraproject Fedora 30
Opensuse Leap 15.1
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
7.8
CVSSv3
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked...
Git-scm Git
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Apple Xcode
Debian Debian Linux 10.0
5 Github repositories
1 Article
9.8
CVSSv3
CVE-2022-24439
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes ex...
Gitpython Project Gitpython
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Debian Debian Linux 10.0
2 Github repositories
7.8
CVSSv3
CVE-2016-10075
The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
Tqdm Project Tqdm 4.4.1
Tqdm Project Tqdm 4.10
9.8
CVSSv3
CVE-2023-40267
GitPython prior to 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.
Gitpython Project Gitpython
6.5
CVSSv3
CVE-2023-41040
GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is lo...
Gitpython Project Gitpython
1 Github repository
7.8
CVSSv3
CVE-2023-40590
GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `gi...
Gitpython Project Gitpython
2 Github repositories
8.8
CVSSv3
CVE-2022-25766
The package ungit prior to 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possibl...
Ungit Project Ungit
1 Github repository
8.8
CVSSv3
CVE-2017-12426
GitLab Community Edition (CE) and Enterprise Edition (EE) prior to 8.17.8, 9.0.x prior to 9.0.13, 9.1.x prior to 9.1.10, 9.2.x prior to 9.2.10, 9.3.x prior to 9.3.10, and 9.4.x prior to 9.4.4 might allow remote malicious users to execute arbitrary code via a crafted SSH URL in a ...
Gitlab Gitlab 9.2.2
Gitlab Gitlab 9.0.9
Gitlab Gitlab 9.0.2
Gitlab Gitlab 9.4.0
Gitlab Gitlab 9.0.8
Gitlab Gitlab 9.0.1
Gitlab Gitlab 9.0.6
Gitlab Gitlab 9.3.4
Gitlab Gitlab 9.1.6
Gitlab Gitlab 9.0.12
Gitlab Gitlab 9.3.6
Gitlab Gitlab 9.2.8
Gitlab Gitlab 9.1.7
Gitlab Gitlab 9.1.1
Gitlab Gitlab 9.2.4
Gitlab Gitlab 9.3.2
Gitlab Gitlab 9.0.5
Gitlab Gitlab 9.1.8
Gitlab Gitlab 9.3.1
Gitlab Gitlab 9.2.1
Gitlab Gitlab 9.0.0
Gitlab Gitlab 9.1.4
7.5
CVSSv3
CVE-2016-10129
The Git Smart Protocol support in libgit2 prior to 0.24.6 and 0.25.x prior to 0.25.1 allows remote malicious users to cause a denial of service (NULL pointer dereference) via an empty packet line.
Libgit2 Project Libgit2
Libgit2 Project Libgit2 0.25.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29824
CVE-2024-30095
CVE-2024-30104
client side
CVE-2024-5840
CVE-2024-34405
unprivileged
wireless
CVE-2024-4577
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »