Skip to main content

Git

47 CVEs product

Monthly

CVE-2025-48384 HIGH KEV PATCH THREAT Act Now

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation.

Information Disclosure Ubuntu Debian Git Debian Linux +3
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2024-52005 HIGH PATCH This Month

Git is a source code management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git Red Hat Suse
NVD GitHub
CVSS 4.0
7.5
EPSS
0.4%
CVE-2024-52006 LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Node.js Git Debian Linux
NVD GitHub
CVSS 4.0
2.1
EPSS
1.3%
CVE-2024-50349 LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Git Debian Linux
NVD GitHub
CVSS 4.0
2.1
EPSS
1.2%
CVE-2023-29007 HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Git Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
6.1%
CVE-2023-25652 HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Git Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
52.2%
CVE-2023-23946 HIGH PATCH This Week

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Git
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22490 MEDIUM PATCH This Month

Git is a revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2022-39260 HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Git Fedora +2
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-39253 MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora Xcode Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-38663 Maven MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-36884 Maven MEDIUM PATCH This Month

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-36883 Maven HIGH POC PATCH This Week

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
CVSS 3.1
7.5
EPSS
5.6%
CVE-2022-36882 Maven HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Git
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-31012 HIGH This Week

Git for Windows is a fork of Git that contains Windows-specific patches. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2022-29187 HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-30947 Maven HIGH PATCH This Week

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-25648 Ruby CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
4.9%
CVE-2022-24765 HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-34599 HIGH This Week

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-21684 Maven MEDIUM PATCH This Month

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Git
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-40330 HIGH POC PATCH This Week

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-29468 HIGH PATCH This Week

Cygwin Git is a patch set for the git command line tool for the cygwin environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21300 HIGH POC PATCH THREAT Act Now

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apple Microsoft Information Disclosure Git Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
88.6%
CVE-2020-11008 HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Git Ubuntu Linux Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-5260 HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Git Ubuntu Linux Debian Linux Fedora +1
NVD GitHub
CVSS 3.1
7.5
EPSS
10.0%
CVE-2020-2136 Maven MEDIUM PATCH This Month

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Jenkins Git
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-1387 HIGH This Week

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Git
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2019-19604 HIGH POC This Week

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Debian Linux Fedora Leap
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2019-1003010 Maven MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF Git Openshift Container Platform
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-19486 CRITICAL PATCH Act Now

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Git Ubuntu Linux
NVD
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-17456 CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower Enterprise Linux Enterprise Linux Desktop +7
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
97.4%
CVE-2018-1000182 Maven MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Git
NVD
CVSS 3.0
6.4
EPSS
0.8%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-11233 HIGH This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux Git
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-1000110 Maven MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Git
NVD
CVSS 3.0
5.3
EPSS
4.0%
CVE-2018-1000021 MEDIUM This Month

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2017-15298 MEDIUM POC This Month

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Git Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-1000117 HIGH POC THREAT Act Now

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Open Redirect Git
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
76.4%
Threat
5.6
CVE-2017-1000092 Maven HIGH PATCH This Week

Git Plugin connects to a user-specified Git repository as part of form validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Git
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-14867 HIGH This Week

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Git Debian Linux
NVD
CVSS 3.0
8.8
EPSS
6.5%
CVE-2014-9938 HIGH POC PATCH This Week

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2015-7545 CRITICAL PATCH Act Now

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.7%.

RCE Git Software Collections Ubuntu Linux Opensuse
NVD GitHub
CVSS 3.0
9.8
EPSS
34.7%
CVE-2016-2324 CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
22.1%
CVE-2016-2315 CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo Openstack Cloud Leap +5
NVD GitHub
CVSS 3.1
9.8
EPSS
17.7%
CVE-2015-7082 CRITICAL Act Now

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Git
NVD GitHub
CVSS 2.0
10.0
EPSS
0.6%
CVE-2013-0308 MEDIUM This Month

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Git
NVD GitHub
CVSS 2.0
4.3
EPSS
1.0%
EPSS 0% CVSS 8.0
HIGH KEV PATCH THREAT Act Now

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation.

Information Disclosure Ubuntu Debian +5
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Git is a source code management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git Red Hat +1
NVD GitHub
EPSS 1% CVSS 2.1
LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Node.js +2
NVD GitHub
EPSS 1% CVSS 2.1
LOW PATCH Monitor

Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Git Debian Linux
NVD GitHub
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Git Fedora
NVD GitHub
EPSS 52% CVSS 7.5
HIGH PATCH This Week

Git is a revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Git Fedora
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Git
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Git is a revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jenkins Git
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
EPSS 6% CVSS 7.5
HIGH POC PATCH This Week

A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Git
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Git
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Git for Windows is a fork of Git that contains Windows-specific patches. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Git
NVD
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Extra Packages For Enterprise Linux +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git +3
NVD GitHub
EPSS 0% CVSS 7.4
HIGH This Week

Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jenkins Git
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Git Debian Linux
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Cygwin Git is a patch set for the git command line tool for the cygwin environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
EPSS 89% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apple Microsoft Information Disclosure +4
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Git +3
NVD GitHub
EPSS 10% CVSS 7.5
HIGH PATCH This Week

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Git Ubuntu Linux +3
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Jenkins +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Git
NVD
EPSS 4% CVSS 7.8
HIGH POC This Week

Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Debian Linux +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins CSRF +2
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Git Ubuntu Linux
NVD
EPSS 97% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git Ansible Tower +9
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF +1
NVD
EPSS 49% CVSS 7.8
HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux +7
NVD Exploit-DB
EPSS 4% CVSS 7.5
HIGH This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux +1
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Git Ubuntu Linux
NVD GitHub
EPSS 76% 5.6 CVSS 8.8
HIGH POC THREAT Act Now

A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.4%.

Open Redirect Git
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Git Plugin connects to a user-specified Git repository as part of form validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Git
NVD
EPSS 7% CVSS 8.8
HIGH This Week

Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Git Debian Linux
NVD
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Git
NVD GitHub
EPSS 35% CVSS 9.8
CRITICAL PATCH Act Now

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.7%.

RCE Git Software Collections +2
NVD GitHub
EPSS 22% CVSS 9.8
CRITICAL PATCH Act Now

Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.1%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 18% CVSS 9.8
CRITICAL PATCH Act Now

revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.7%.

RCE Buffer Overflow Linux Enterprise Debuginfo +7
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Git
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Git
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy