Vulnerabilities > GIT SCM > GIT

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-12	CVE-2022-24765	Uncontrolled Search Path Element vulnerability in multiple products Git for Windows is a fork of Git containing Windows-specific patches. local low complexity git-scm fedoraproject apple debian CWE-427	7.8
2022-02-11	CVE-2022-24975	Exposure of Resource to Wrong Sphere vulnerability in Git-Scm GIT The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. network low complexity git-scm CWE-668	7.5
2021-08-31	CVE-2021-40330	git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring. network low complexity git-scm debian	7.5
2021-03-09	CVE-2021-21300	Link Following vulnerability in multiple products Git is an open-source distributed revision control system. network high complexity git-scm fedoraproject apple debian CWE-59	7.5
2020-04-21	CVE-2020-11008	Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. network low complexity git-scm debian canonical fedoraproject CWE-522	7.5
2020-04-14	CVE-2020-5260	Insufficiently Protected Credentials vulnerability in multiple products Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. network low complexity git git-scm debian canonical fedoraproject opensuse CWE-522	7.5
2020-02-12	CVE-2014-9390	Improper Input Validation vulnerability in multiple products Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem. network low complexity git-scm mercurial apple eclipse libgit2 CWE-20	7.5
2020-01-24	CVE-2019-1353	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. network low complexity git-scm opensuse critical	9.8
2020-01-24	CVE-2019-1348	An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. local low complexity git-scm opensuse	3.3
2019-12-18	CVE-2019-1387	Unspecified vulnerability in Git-Scm GIT An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. network low complexity git-scm	8.8