All 8 CVE vulnerabilities found in go-git, with AI-generated Chinese analysis, references, and POCs.
Vendor: go-git
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41506 | go-git Credential leak via cross-host redirect in smart HTTP transport CWE-522 | 4.7 | Medium | 2026-05-08 |
| CVE-2026-33762 | go-git: Missing validation decoding Index v4 files leads to panic CWE-129 | 2.8 | Low | 2026-03-31 |
| CVE-2026-34165 | go-git: Maliciously crafted idx file can cause asymmetric memory consumption CWE-191 | 5.0 | Medium | 2026-03-31 |
| CVE-2026-25934 | go-git improperly verifies data integrity values for .idx and .pack files CWE-354 | 4.3 | Medium | 2026-02-09 |
| CVE-2025-21614 | go-git clients vulnerable to DoS via maliciously crafted Git server replies CWE-400 | 7.5 | High | 2025-01-06 |
| CVE-2025-21613 | go-git has an Argument Injection via the URL field CWE-88 | 9.1 | - | 2025-01-06 |
| CVE-2023-49569 | Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients CWE-22 | 9.8 | Critical | 2024-01-12 |
| CVE-2023-49568 | Maliciously crafted Git server replies can cause DoS on go-git clients CWE-20 | 7.5 | High | 2024-01-12 |
All 8 known CVE vulnerabilities affecting go-git with full Chinese analysis, references, and POCs where available.