CVE-2026-45571

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVE-2026-45022 go-git: Improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVE-2026-45022

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

EUVD-2026-32542

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVE-2026-45022

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose...

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

SUSE CVE-2025-22240

Arbitrary directory creation or file deletion. In the findfile method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgtenv” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to...

[SECURITY] Fedora 43 Update: rust-sequoia-git-0.6.0-2.fc43

A tool for managing and enforcing a commit signing policy...

[SECURITY] Fedora 42 Update: rust-sequoia-git-0.6.0-2.fc42

A tool for managing and enforcing a commit signing policy...

sherlock 操作系统命令注入漏洞

Sherlock is an open-source username search tool developed by Sherlock. Versions of Sherlock prior to 0.16.1 contained a vulnerability related to operating system command injection. This vulnerability originated from the pullrequesttarget trigger in the GitHub Actions workflow...

go-git 数据伪造问题漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.0 and 6.0.0-alpha.3 contained a data manipulation vulnerability. This vulnerability stems from the way Git objects are parsed differently compared to upstream Git. Additionally, t...

Amazon Linux 2023 : git-lfs (ALAS2023-2026-1722)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1722 advisory. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value refresh. A new GODEBU...

RHEL 8 : git-lfs (RHSA-2026:20584)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:20584 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

go-git 路径遍历漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.1 and 6.0.0-alpha.4 contained a path traversal vulnerability. This vulnerability stemmed from path validation issues, which could allow malicious data from a specially crafted...

go-git 安全漏洞

go-git is an open-source, highly scalable Git implementation written entirely in Go. Versions of go-git prior to 5.19.1 and 6.0.0-alpha.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of SSH for transmitting commands remotely; the repository path was enclosed in...

USN-8303-1: GitPython vulnerabilities

Santos Gallegos discovered that GitPython did not properly validate paths when resolving certain Git references. An attacker could possibly use this issue to cause files outside the .git directory to be accessed, leading to a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu...

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

EUVD-2025-203462

Weblate has a Server-Side Request Forgery issue...