CVE-2025-41390

CVE-2025-41390 concerns an arbitrary code execution in TruffleHog 3.90.2 through the Git core.fsmonitor handling. A specially crafted repository (e.g., copied file-for-file via tar/cp/rsync) can trigger execution when Git operations are invoked by tooling, due to a malicious core.fsmonitor value ...

CVE-2025-41390

An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability...

CVE-2024-24577

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitindexadd can cause heap corruption that could be leveraged for arbitrary code execution. There...

Improper access control

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially causing a Denial ...

CVE-2024-24575 libgit2 is vulnerable to a denial of service attack in `git_revparse_single`

libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to gitrevparsesingle can cause the function to enter an infinite loop, potentially causing a Denial ...