
320 matches found

Github Security Blog
added 2026/03/30 5:17 p.m., 23 views

go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact: A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it...

CVSS 5, AI score 5.8, EPSS 0.00147
Exploits 0, References 4, Affected Software 1

Snyk
added 2026/03/30 5:5 p.m., 3 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

CVSS 6.9, AI score 5.9, EPSS 0.00153
Exploits 0, References 2

Snyk
added 2026/03/30 5:5 p.m., 5 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

CVSS 6.9, AI score 5.9, EPSS 0.00153
Exploits 0, References 2

OSV
added 2026/03/30 5:5 p.m., 2 views

GHSA-GM2X-2G9H-CCM8 go-git missing validation decoding Index v4 files leads to panic

Impact: go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This...

CVSS 2.8, AI score 5.9, EPSS 0.00153
Exploits 0, References 4

Positive Technologies
added 2026/03/30 12:0 a.m., 4 views

PT-2026-29156

Name of the Vulnerable Software and Affected Versions: go-git versions prior to 5.17.1. Description: The go-git library’s index decoder for Git index format version 4 does not properly validate the path name prefix length before applying it to the previously decoded path name. A specially crafted...

CVSS 2.8, AI score 5.9, EPSS 0.00153
Exploits 0, References 177

Positive Technologies
added 2026/03/30 12:0 a.m., 6 views

PT-2026-29159

Name of the Vulnerable Software and Affected Versions: go-git versions 5.0.0 through 5.17.0. Description: A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the...

CVSS 5, AI score 5.9, EPSS 0.00201
Exploits 0, References 184

Redos
added 2026/03/27 12:0 a.m., 4 views

ROS-20260327-73-0012

Vulnerability in go-git related to lack of integrity checking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 4.3, AI score 7.1, EPSS 0.00136
Exploits 0

OpenVAS
added 2026/03/16 12:0 a.m., 5 views

Ubuntu: Security Advisory (USN-8088-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 5.8, EPSS 0.01523
Exploits 0, References 2

Tenable Nessus
added 2026/03/13 12:0 a.m., 4 views

Ubuntu 22.04 LTS / 24.04 LTS : go-git vulnerabilities (USN-8088-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8088-1 advisory. Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this iss...

CVSS 9.8, AI score 7.5, EPSS 0.01523
Exploits 0, References 6

OSV
added 2026/02/27 1:1 a.m., 2 views

CLEANSTART-2026-YW12690 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.04518
Exploits 3, References 41

OSV
added 2026/02/27 1:0 a.m., 2 views

CLEANSTART-2026-DZ05206 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.04518
Exploits 3, References 41

OSV
added 2026/02/27 12:54 a.m., 9 views

CLEANSTART-2026-AC12204 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.04518
Exploits 3, References 41

OSV
added 2026/02/27 12:51 a.m., 3 views

CLEANSTART-2026-FF98917 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-cd package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.04518
Exploits 3, References 42

OSV
added 2026/02/27 12:46 a.m., 2 views

CLEANSTART-2026-ER93728 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-cd-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.04518
Exploits 3, References 41

OSV
added 2026/02/25 12:46 a.m., 3 views

CLEANSTART-2026-DS30740 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.6, EPSS 0.0056
Exploits 1, References 22

OSV
added 2026/02/25 12:44 a.m., 6 views

CLEANSTART-2026-OA82425 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.00459
Exploits 2, References 9

OSV
added 2026/02/25 12:44 a.m., 1 views

CLEANSTART-2026-IA56615 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.00459
Exploits 2, References 9

OSV
added 2026/02/25 12:42 a.m., 2 views

CLEANSTART-2026-DV04077 go-git is a highly extensible git implementation library written in pure Go

Multiple security vulnerabilities affect the argo-workflows-fips package. go-git is a highly extensible git implementation library written in pure Go. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.0056
Exploits 1, References 20

OSV
added 2026/02/19 5:28 p.m., 5 views

GO-2026-4473 Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git

Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git...

CVSS 4.3, AI score 5.5, EPSS 0.00136
Exploits 0, References 2

CNNVD
added 2026/02/19 12:0 a.m., 7 views

Gogs Security Vulnerability

Gogs Go Git Service is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.4 and earlier have security vulnerabilities. These...

CVSS 5.1, AI score 5.8, EPSS 0.00271
Exploits 1, References 2