23 matches found
CVE-2026-45022
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
EUVD-2026-32542
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...
CVE-2026-45022
CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...
[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-2.fc43
A tool for managing and enforcing a commit signing policy...
[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-2.fc42
A tool for managing and enforcing a commit signing policy...
[SECURITY] Fedora 44 Update: rust-sequoia-git-0.6.0-2.fc44
A tool for managing and enforcing a commit signing policy...
GHSA-389R-GV7P-R3RP go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git
Impact go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally,...
[SECURITY] Fedora 44 Update: rust-sequoia-git-0.6.0-1.fc44
A tool for managing and enforcing a commit signing policy...
[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-1.fc42
A tool for managing and enforcing a commit signing policy...
[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-1.fc43
A tool for managing and enforcing a commit signing policy...
gitverify has improper tag signature verification
gitverify is still a prototype. Impact The bug is related to requireSignedTags which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches Since the initial commit, fixed in...
EUVD-2020-20574
Malware in sbrugna...
On the Prevalence and Usage of Commit Signing on GitHub: a Longitudinal and Cross-Domain Study
GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository by spoofing the commit metadata to indicate that the code...
openSUSE 15 Security Update : gitui (openSUSE-SU-2024:0135-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0135-1 advisory. - update to version 0.26.2: respect configuration for remote when fetching also applies to pulling add : character to sign-off trailer to comply with...
openSUSE Security Advisory (openSUSE-SU-2024:0135-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0135-1 Security update for gitui
This update for gitui fixes the following issues: - update to version 0.26.2: respect configuration for remote when fetching also applies to pulling add : character to sign-off trailer to comply with Conventional Commits standard support overriding builddate for reproducible builds - update...
SUSE CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials within a production container. The Microsoft-owned subsidiary said it was made aware of the problem on December 26, 2023, and that it address...