
18 matches found

GitHub Security Blog
added 6 days ago | 11 views

go-git: Malformed Git object data may cause panics or resource exhaustion

Impact: Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

AI score 5.7
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 6 days ago | 2 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact: Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

CVSS 6.5 | AI score 5.7
Exploits: 0 | References: 2
OSV
added 2026/02/19 5:28 p.m. | 2 views

GO-2026-4473 Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git

Improper verification of data integrity values for .idx and .pack files in github.com/go-git/go-git...

CVSS 4.3 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 2
Tenable Nessus
added 2026/02/10 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-25934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity...

CVSS 4.3 | AI score 7.3 | EPSS 0.00007
Exploits: 0 | References: 4
Snyk
added 2026/02/09 11:23 p.m. | 1 view

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value for .idx and .pack files. An attacker can cause the application to consume corrupted files, leading to unexpected errors, due to checksums not being checked in the loadIdxFile function...

CVSS 5.3 | AI score 5.7 | EPSS 0.00007
Exploits: 0 | References: 2
NVD
added 2026/02/09 11:16 p.m. | 2 views

CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | EPSS 0.00007
Exploits: 0 | References: 2
OSV
added 2026/02/09 11:16 p.m. | 2 views

DEBIAN-CVE-2026-25934

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | AI score 7.6 | EPSS 0.00007
Exploits: 0 | References: 1
Cvelist
added 2026/02/09 10:13 p.m. | 22 views

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | EPSS 0.00007
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/09 10:13 p.m. | 1 view

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 2
OSV
added 2026/02/09 10:13 p.m. | 2 views

CVE-2026-25934 go-git improperly verifies data integrity values for .idx and .pack files

go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would like...

CVSS 4.3 | AI score 5.6 | EPSS 0.00007
Exploits: 0 | References: 4
CVE
added 2026/02/09 10:13 p.m. | 11 views

CVE-2026-25934

Summary of CVE-2026-25934: The go-git library (prior to v5.16.5) did not properly verify data integrity for .pack and .idx files, which could allow consuming corrupted packfiles/indexes and result in errors such as object not found. This vulnerability affects the integrity checks used when fetch...

CVSS 4.3 | AI score 5.5 | EPSS 0.00007
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/02/09 12:00 a.m. | 4 views

PT-2026-7181

Name of the Vulnerable Software and Affected Versions: go-git versions prior to 5.16.5. Description: go-git is a Git implementation library written in Go. A flaw exists in how go-git handles the integrity verification of .pack and .idx files. Specifically, data integrity values were not properly...

CVSS 9.8 | AI score 5.4 | EPSS 0.05376
Exploits: 54 | References: 389
OSV
added 2025/02/03 8:56 a.m. | 2 views

SUSE-SU-2025:20054-1 Security update for kubevirt

This update for kubevirt fixes the following issues: - Update to version 1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.3.0 - Fix DV error report via VM printable status - Fix permission error in...

AI score 5.8
Exploits: 0 | References: 4
OSV
added 2022/05/17 4:14 a.m. | 15 views

GHSA-VJJF-3RVG-GV3V Dulwich Buffer Overflow when handling pack files

Buffer overflow in the C implementation of the applydelta function in pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file...

CVSS 9.8 | AI score 9.5 | EPSS 0.02814
Exploits: 0 | References: 5
OSV
added 2015/05/27 12:00 a.m. | 13 views

DLA-231-1 dulwich - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.3 | EPSS 0.02814
Exploits: 0
Mageia
added 2015/04/15 5:22 p.m. | 31 views

Updated python-dulwich packages fix security vulnerabilities

Updated python-dulwich package fixes security vulnerabilities: It was discovered that Dulwich allows writing to files under .git/ when checking out working trees. This could lead to the execution of arbitrary code with the privileges of the user running an application based on Dulwich...

CVSS 7.5 | AI score 7.3 | EPSS 0.02814
Exploits: 1 | References: 3
Tenable Nessus
added 2015/03/30 12:00 a.m. | 20 views

Debian DSA-3206-1 : dulwich - security update

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2014-9706 It was discovered that Dulwich allows...

CVSS 7.5 | AI score 8.7 | EPSS 0.02814
Exploits: 1 | References: 8
OpenVAS
added 2015/03/28 12:00 a.m. | 27 views

Debian Security Advisory DSA 3206-1 (dulwich - security update)

Multiple vulnerabilities have been discovered in Dulwich, a Python implementation of the file formats and protocols used by the Git version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2014-9706 It was discovered that Dulwich allows writi...

CVSS 7.5 | AI score 0.4 | EPSS 0.02814
Exploits: 1 | References: 1