Browse all 5 CVE security advisories affecting libgit2. AI-powered Chinese analysis, POCs, and references for each vulnerability.
libgit2 is a portable, pure C implementation of Git designed for programmatic use in applications requiring version control functionality. Historically, vulnerabilities have included remote code execution flaws in protocol parsing, buffer overflows in object handling, and integer overflows in delta processing. The library's CVE record shows exposure to privilege escalation through path traversal and information disclosure via improper input validation. While no major public incidents have been widely documented, the persistent presence of memory corruption vulnerabilities in its codebase underscores the importance of regular updates for applications integrating this dependency.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-24577 | libgit2 is vulnerable to arbitrary code execution due to heap corruption in `git_index_add` (libgit2, CWE-122) | 8.6 | High | 2024-02-06 |
| CVE-2024-24575 | libgit2 is vulnerable to a denial of service attack in `git_revparse_single` (libgit2, CWE-400) | 7.5 | High | 2024-02-06 |
| CVE-2023-22742 | libgit2 fails to verify SSH keys by default (libgit2, CWE-347) | 5.3 | Medium | 2023-01-20 |
| CVE-2018-10887 | libgit2 numeric error vulnerability (libgit2, CWE-194) | 8.1 | - | 2018-07-10 |
| CVE-2018-10888 | libgit2 security vulnerability (libgit2, CWE-20) | 6.5 | - | 2018-07-10 |
This page lists every published CVE security advisory associated with libgit2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.