CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

Github Security Blog•added last week•14 views

go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

5.7AI score

Exploits0References2Affected Software2

EUVD•added 2026/05/15 4:22 p.m.•8 views

EUVD-2026-30563

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3CVSS5.8AI score0.00013EPSS

Exploits0References1

Snyk•added 2026/05/11 2:48 p.m.•5 views

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize in the parsing of Git objects with malformed or ambiguous commit or tag objects. An attacker can cause inconsistent interpretation of object metadata or signature validation by...

7.5CVSS5.8AI score0.00007EPSS

Exploits0References2

SUSE CVE•added 2025/04/08 1:43 a.m.•2 views

SUSE CVE-2025-31130

gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...

6.8CVSS6.9AI score0.0002EPSS

Exploits0References4

Cvelist•added 2025/04/04 2:41 p.m.•9 views

CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks

6.8CVSS0.0002EPSS

Exploits0References2

RustSec•added 2025/04/03 12:0 p.m.•4 views

SHA-1 collision attacks are not detected

Summary gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. Details gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G...

6.8CVSS7AI score0.0002EPSS

Exploits0Affected Software1

Positive Technologies•added 2025/04/03 12:0 a.m.•4 views

PT-2025-14868 · Gitoxide · Gitoxide

Name of the Vulnerable Software and Affected Versions: gitoxide versions prior to 0.42.0 Description: The issue arises from gitoxide's use of SHA-1 hash implementations without collision detection, making it vulnerable to hash collision attacks. This means two distinct Git objects with colliding...

6.8CVSS6.1AI score0.00684EPSS

Exploits0References20