Browse all 4 CVE security advisories affecting git-lfs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Git-lfs manages large file storage in version control systems, addressing core limitations of traditional Git workflows. Historically, vulnerabilities have included remote code execution through malicious file uploads, cross-site scripting via web interfaces, and privilege escalation in repository access controls. Security characteristics center on file handling integrity and access controls, with notable incidents including CVE-2021-21300 (RCE through path traversal) and CVE-2022-24765 (XSS in web UI). The project maintains a moderate CVE count, reflecting ongoing security considerations in file transfer mechanisms and repository management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26625 | Git LFS may write to arbitrary files via crafted symlinks — git-lfsCWE-59 | 8.1AI | HighAI | 2025-10-17 |
| CVE-2024-53263 | Git LFS permits exfiltration of credentials via crafted HTTP URLs — git-lfsCWE-74 | 7.5 | - | 2025-01-14 |
| CVE-2022-24826 | Git LFS can execute a binary from the current directory on Windows — git-lfsCWE-426 | 9.8 | Critical | 2022-04-19 |
| CVE-2021-21237 | Git LFS can execute a Git binary from the current directory on Windows — git-lfsCWE-426 | 7.2 | High | 2021-01-15 |
This page lists every published CVE security advisory associated with git-lfs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.