Skip to main content

Go Git

5 CVEs product

Monthly

CVE-2026-25934 Go MEDIUM PATCH This Month

Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.

Information Disclosure Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-21614 Go HIGH PATCH This Month

go-git is a highly extensible git implementation library written in pure Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Git Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-21613 Go CRITICAL PATCH This Week

go-git is a highly extensible git implementation library written in pure Go. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Go Git Red Hat Suse
NVD GitHub
CVSS 4.0
9.2
EPSS
2.9%
CVE-2023-49569 Go CRITICAL PATCH Act Now

A path traversal vulnerability was discovered in go-git versions prior to v5.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Go Git
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2023-49568 Go HIGH PATCH This Week

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Git
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Corrupted Git pack and index files are not properly validated in go-git versions before 5.16.5, allowing an attacker to supply malicious packfiles that bypass integrity checks and cause go-git to consume corrupted data. This can result in unexpected application errors and denial of service conditions for any system using the vulnerable go-git library to fetch or process Git repositories. The vulnerability requires user interaction to fetch from a malicious or compromised Git source.

Information Disclosure Go Git Red Hat +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

go-git is a highly extensible git implementation library written in pure Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Git Red Hat +1
NVD GitHub
EPSS 3% CVSS 9.2
CRITICAL PATCH This Week

go-git is a highly extensible git implementation library written in pure Go. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Go Git Red Hat +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A path traversal vulnerability was discovered in go-git versions prior to v5.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Path Traversal Go Git
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Git
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy