Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
git project git vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js va...
Git Project Git
890
VMScore
CVE-2015-7082
Multiple unspecified vulnerabilities in Git prior to 2.5.4, as used in Apple Xcode prior to 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
Git Project Git
668
VMScore
CVE-2008-3546
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT prior to 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.
Git Git 1.5.5.3
Git Git 1.5.5.4
Git Git 1.5.6.1
Git Git 1.5.6.2
Git Git 1.5.6.3
668
VMScore
CVE-2021-28955
git-bug prior to 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows).
Git-bug Project Git-bug
668
VMScore
CVE-2021-3190
The async-git package prior to 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.
Async-git Project Async-git
NA
CVE-2023-49568
A denial of service (DoS) vulnerability exists in go-git versions prior to v5.11. This vulnerability allows an malicious user to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Appl...
Go-git Project Go-git
605
VMScore
CVE-2017-12976
git-annex prior to 6.20170818 allows remote malicious users to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-20...
Git-annex Project Git-annex
668
VMScore
CVE-2022-24066
The package simple-git prior to 3.5.0 are vulnerable to Command Injection due to an incomplete fix of [CVE-2022-24433](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2421199) which only patches against the git fetch attack vector. A similar use of the --upload-pack feature of gi...
Simple-git Project Simple-git
NA
CVE-2022-25860
Versions of the package simple-git prior to 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.s...
Simple-git Project Simple-git
890
VMScore
CVE-2022-25900
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git.
Git-clone Project Git-clone
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »