Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-17831
GitHub Git LFS prior to 2.1.1 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
Git Large File Storage Project Git Large File Storage
9.8
CVSSv3
CVE-2021-32673
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote malicious users to execute of arbitrary commands. Upgrade to version 0.10.16 or later to reso...
Reg-keygen-git-hash Project Reg-keygen-git-hash
9.8
CVSSv3
CVE-2020-27955
Git LFS 2.12.0 allows Remote Code Execution.
Git Large File Storage Project Git Large File Storage 2.12.0
21 Github repositories
5.3
CVSSv3
CVE-2020-10871
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other ...
Openwrt Luci Git-20.049.11521-bebfe20
Openwrt Luci Git-20.078.22902-0ed0d42
8
CVSSv3
CVE-2022-47318
ruby-git versions prior to v1.13.0 allows a remote authenticated malicious user to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
Ruby-git Project Ruby-git
Debian Debian Linux 10.0
Fedoraproject Fedora 37
2.2
CVSSv3
CVE-2023-25815
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's ...
Git For Windows Project Git For Windows
Fedoraproject Fedora 37
Fedoraproject Fedora 38
6.5
CVSSv3
CVE-2022-38663
Jenkins Git Plugin 4.11.4 and previous versions does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
Jenkins Git
7.5
CVSSv3
CVE-2021-46101
In Git for windows up to and including 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly.
Gitforwindows Git
7.3
CVSSv3
CVE-2022-31012
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions before 2.37.1 lets Git for Windows' installer execute a binary into `C:\mingw64\bin\git.exe` by mistake. This only happens upon a fresh install, not when upgrading Git for...
Gitforwindows Git
7.4
CVSSv3
CVE-2021-34599
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certif...
Codesys Git
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »