git — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting git. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Git is the foundational distributed version control system for software development, enabling collaborative code management across global teams. Despite its robust architecture, the software has historically been susceptible to critical vulnerabilities, including remote code execution, arbitrary file deletion, and privilege escalation. The records listed here cover twenty-three distinct CVE entries, highlighting persistent risks in parsing logic and credential handling. Notable cases have involved crafted repositories triggering code execution or exposing sensitive data through symlink attacks. These flaws often stem from complex interactions between the core engine and external tools or user input. Security researchers emphasize that while Git itself is stable, improper configuration or outdated versions can expose infrastructure to significant threats. Continuous patching and strict input validation remain essential for maintaining integrity in modern development pipelines, so that the tool's widespread adoption does not become a vector for systemic compromise.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | git | CWE-436 | 8.1 | High | 2025-07-08 |
| CVE-2025-48385 | Git allows arbitrary file writes via bundle-uri parameter injection | git | CWE-88 | 8.8 | - | 2025-07-08 |
| CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | git | CWE-120 | 6.3 | Medium | 2025-07-08 |
| CVE-2024-52005 | The sideband payload is passed unfiltered to the terminal in git | git | CWE-116 | 8.2 | - | 2025-01-15 |
| CVE-2024-50349 | Git does not sanitize URLs when asking for credentials interactively | git | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-52006 | Newline confusion in credential helpers can lead to credential exfiltration in git | git | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-32465 | Git's protections for cloning untrusted repositories can be bypassed | git | CWE-22 | 7.4 | High | 2024-05-14 |
| CVE-2024-32021 | Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory | git | CWE-547 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32020 | Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will | git | CWE-281 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32004 | Git vulnerable to Remote Code Execution while cloning special-crafted local repositories | git | CWE-114 | 8.2 | High | 2024-05-14 |
| CVE-2024-32002 | Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | git | CWE-22 | 9.1 | Critical | 2024-05-14 |
| CVE-2023-29007 | Arbitrary configuration injection via `git submodule deinit` | git | CWE-74 | 7.0 | High | 2023-04-25 |
| CVE-2023-25652 | "git apply --reject" partially-controlled arbitrary file write | git | CWE-22 | 7.5 | High | 2023-04-25 |
| CVE-2023-23946 | Git's `git apply` overwriting paths outside the working tree | git | CWE-22 | 6.2 | Medium | 2023-02-14 |
| CVE-2023-22490 | Git vulnerable to local clone-based data exfiltration with non-local transports | git | CWE-59 | 5.5 | Medium | 2023-02-14 |
| CVE-2022-23521 | gitattributes parsing integer overflow in git | git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-41903 | Integer overflow in `git archive`, `git log --format` leading to RCE in git | git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-39260 | Git vulnerable to Remote Code Execution via Heap overflow in `git shell` | git | CWE-787 | 8.5 | High | 2022-10-19 |
| CVE-2022-39253 | Git subject to exposure of sensitive information via local clone of symbolic links | git | CWE-200 | 5.5 | Medium | 2022-10-19 |
| CVE-2022-29187 | Bypass of safe.directory protections in Git | git | CWE-282 | 7.8 | High | 2022-07-12 |
| CVE-2021-21300 | malicious repositories can execute remote code while cloning | git | CWE-59 | 8.0 | High | 2021-03-09 |
| CVE-2020-11008 | Malicious URLs can still cause Git to send a stored credential to the wrong server | git | CWE-20 | 4.0 | Medium | 2020-04-21 |
| CVE-2020-5260 | malicious URLs may cause Git to present stored credentials to the wrong server | git | CWE-20 | 9.3 | Critical | 2020-04-14 |

This page lists every published CVE security advisory associated with git. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.