CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVE-2026-25934

Summary of CVE-2026-25934 : The go-git library (prior to v5.16.5) did not properly verify data integrity for .pack and .idx files, which could allow consuming corrupted packfiles/indexes and result in errors such as object not found. This vulnerability affects the integrity checks used when fetch...

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.16.5 contained security vulnerabilities. These vulnerabilities stemmed from improper validation of data integrity values in the .pack and .idx files, which could lead to errors when...

PT-2026-7181

Name of the Vulnerable Software and Affected Versions go-git versions prior to 5.16.5 Description go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly...

TencentOS Server 4: grafana (TSSA-2024:0907)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0907 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

EUVD-2024-0238

Malicious code in bioql PyPI...

EUVD-2025-0045

Malicious code in bioql PyPI...

EUVD-2025-0043

Malicious code in bioql PyPI...

EUVD-2023-3251

Malicious code in bioql PyPI...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...

ROS-20250903-02

The vulnerability in the go-git library is related to input validation errors when processing directory traversal sequences. Exploitation of the vulnerability could allow an attacker acting remotely to perform directory traversal attacks...

ROS-20250731-02

A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information...

TencentOS Server 3: grafana (TSSA-2025:0100)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0100 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0013: grafana (ALINUX3-SA-2025:0013)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2025:0013 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-21613: go-git is a highly...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to a denial of service in go-git [CVE-2025-21614]

Summary IBM Watson Speech Services Cartridge is vulnerable to a denial of service in go-git, caused by a flaw in in go-git clients that could alow attackers to provide specially crafted responses from a Git server which trigger a resource exhaustion CVE-2025-21614. Go-git is used in our...

Security Bulletin: IBM Watson Speech Services Cartridge v4.8.8 is vulnerable to an argument injection vulnerability in go-git [CVE-2025-21613]

Summary IBM Watson Speech Services Cartridge is vulnerable to an argument injection vulnerability in go-git, caused by a flaw which may allow an attacker to set arbitrary values to git-upload-pack flags CVE-2025-21613. Go-git is used in our ibm-watson-speech-catalog images. This vulnerabilitiy ha...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein. Vulnerability Details CVEID:CVE-2023-49569 DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the ChrootOS...