Go-git@* Security Vulnerabilities and Issues — Go-git@* CVE List

Go-git ProjectGo-git*

8 matches found

CVE•added 2025/01/06 4:13 p.m.•436 views

CVE-2025-21613

CVE-2025-21613 affects the go-git library. Affected: go-git prior to 5.13.0. Issue: argument injection vulnerability allowing an attacker to set arbitrary values on git-upload-pack flags when using the file transport protocol (shelling out to git binaries). Impact: potential disclosure/integrity/...

9.8CVSS9.3AI score0.0124EPSS

CVE•added 2025/01/06 4:20 p.m.•361 views

CVE-2025-21614

CVE-2025-21614: A DoS vulnerability in the Go Git implementation (go-git) affects versions prior to v5.13. The issue allows an attacker to exhaust resources in go-git clients by returning specially crafted responses from a Git server. Mitigation: upgrade from v4 to v5.13 or later. The description...

7.5CVSS7.3AI score0.00696EPSS

CVE•added 2026/05/27 2:54 p.m.•44 views

CVE-2026-45022

CVE-2026-45022 affects the Go Git library, go-git, where prior to v5.19.0 and v6.0.0-alpha.3 it may parse malformed commit/tag objects differently from upstream Git. The decoded representation can expose values differently and the commit signing/verification may operate on reconstructed data rath...

7.5CVSS5.8AI score0.00159EPSS

CVE•added 2026/02/09 10:13 p.m.•29 views

CVE-2026-25934

Summary of CVE-2026-25934 : The go-git library (prior to v5.16.5) did not properly verify data integrity for .pack and .idx files, which could allow consuming corrupted packfiles/indexes and result in errors such as object not found. This vulnerability affects the integrity checks used when fetch...

4.3CVSS5.5AI score0.00136EPSS

CVE•added 2026/05/08 1:43 p.m.•28 views

CVE-2026-41506

go-git is vulnerable to credential leakage during smart-HTTP redirects in clone/fetch operations prior to versions 5.18.0 and 6.0.0-alpha.2. The issue, a cross-host redirect exposure, has been patched in 5.18.0 and 6.0.0-alpha.2. Impact is a potential exposure of HTTP credentials during redirects...

7.4CVSS5.7AI score0.00259EPSS

CVE•added 2026/05/27 2:57 p.m.•28 views

CVE-2026-45571

Summary for CVE-2026-45571 (go-git) : The vulnerability affects the go-git library prior to version 5.19.1 and 6.0.0-alpha.4, where a path validation issue could allow crafted repository data to affect files outside the intended checkout target, including the repository’s .git directory. The root...

5.4CVSS5.8AI score0.00297EPSS

CVE•added 2026/03/31 1:47 p.m.•26 views

CVE-2026-33762

The CVE-2026-33762 vulnerability affects the go-git library prior to v5.17.1, specifically the index decoder for Git index format version 4. The issue is a missing validation of the path name prefix length before applying it to the decoded path, which can cause an out-of-bounds slice operation an...

2.8CVSS5.7AI score0.00153EPSS

CVE•added 2026/05/27 2:59 p.m.•20 views

CVE-2026-45570

Technical details beyond the initial description are not present in the connected documents; monitor for updates.

9.6CVSS5.8AI score0.00365EPSS