Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

313 matches found

SUSE CVE
SUSE CVEadded 2026/05/12 3:31 a.m.5 views

SUSE CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

6.5CVSS5.7AI score0.00082EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/11 2:48 p.m.18 views

go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

Impact go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally,...

7.5CVSS5.8AI score0.00006EPSS
Exploits0References3Affected Software2
Snyk
Snykadded 2026/05/11 2:48 p.m.6 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

7.5CVSS5.8AI score0.00006EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/05/08 10:38 p.m.8 views

gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

5.3CVSS5.8AI score0.00013EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/05/08 10:38 p.m.3 views

GHSA-7RMH-48MX-2VWC gitsign verify accepts signatures over go-git-normalized bytes, enabling trust confusion on malformed commits

Summary gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git object bytes. For malformed objects with duplicate tree headers, git-core and go-git parse different trees:...

5.3CVSS5.8AI score0.00013EPSS
Exploits0References3
NVD
NVDadded 2026/05/08 2:16 p.m.6 views

CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS0.00082EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/05/08 2:16 p.m.3 views

CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS5.7AI score0.00082EPSS
Exploits0References4
OSV
OSVadded 2026/05/08 2:16 p.m.4 views

UBUNTU-CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS5.7AI score0.00082EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/08 1:43 p.m.24 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS0.00082EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/08 1:43 p.m.14 views

EUVD-2026-28596

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS5.7AI score0.00082EPSS
Exploits0References3
CVE
CVEadded 2026/05/08 1:43 p.m.17 views

CVE-2026-41506

go-git is vulnerable to credential leakage during smart-HTTP redirects in clone/fetch operations prior to versions 5.18.0 and 6.0.0-alpha.2. The issue, a cross-host redirect exposure, has been patched in 5.18.0 and 6.0.0-alpha.2. Impact is a potential exposure of HTTP credentials during redirects...

7.4CVSS5.7AI score0.00082EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVEadded 2026/05/08 1:43 p.m.5 views

CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS5.7AI score0.00082EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/08 1:43 p.m.6 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS5.7AI score0.00082EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentia...

7.4CVSS5.8AI score0.00082EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/08 12:0 a.m.7 views

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.18.0 and 6.0.0-alpha.2 contained security vulnerabilities. These vulnerabilities were due to a flaw where, during intelligent HTTP cloning and fetch operations, redirecting could lea...

7.4CVSS5.8AI score0.00082EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.7 views

PT-2026-39243

Name of the Vulnerable Software and Affected Versions Gitsign versions prior to 0.16.0 Description gitsign verify and gitsign verify-tag re-encode commit or tag objects using the EncodeWithoutSignature function from the go-git library before checking the signature, rather than verifying the raw g...

5.3CVSS5.8AI score0.00013EPSS
Exploits0References4
Snyk
Snykadded 2026/04/17 10:31 p.m.1 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00082EPSS
Exploits0References2
Snyk
Snykadded 2026/04/17 10:31 p.m.2 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the advertisedReferences function. The headers - including Authorization headers - from an initial /info/refs request are forwarded to redirect targets. An attacker can obtain authentication...

7.4CVSS5.8AI score0.00082EPSS
Exploits0References2
OSV
OSVadded 2026/04/17 10:31 p.m.1 views

GHSA-3XC5-WRHM-F963 go-git: Credential leak via cross-host redirect in smart HTTP transport

Impact go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial /info/refs request with a redirect to a different host, go-git updates the session endpoint to the redirected location and...

4.7CVSS5.8AI score0.00082EPSS
Exploits0References5
Github Security Blog
Github Security Blogadded 2026/04/17 10:31 p.m.5 views

go-git: Credential leak via cross-host redirect in smart HTTP transport

Impact go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. If a remote repository responds to the initial /info/refs request with a redirect to a different host, go-git updates the session endpoint to the redirected location and...

7.4CVSS5.8AI score0.00082EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder