Vulnerabilities > GIT SCM

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2022-24765 Uncontrolled Search Path Element vulnerability in multiple products
Git for Windows is a fork of Git containing Windows-specific patches.
local
low complexity
git-scm fedoraproject apple debian CWE-427
7.8
2022-02-11 CVE-2022-24975 Exposure of Resource to Wrong Sphere vulnerability in Git-Scm GIT
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.
network
git-scm CWE-668
4.3
2021-08-31 CVE-2021-40330 git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
network
low complexity
git-scm debian
7.5
2021-03-09 CVE-2021-21300 Link Following vulnerability in multiple products
Git is an open-source distributed revision control system.
network
high complexity
git-scm fedoraproject apple debian CWE-59
7.5
2020-04-21 CVE-2020-11008 Insufficiently Protected Credentials vulnerability in multiple products
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.
network
low complexity
git-scm debian canonical fedoraproject CWE-522
7.5
2020-04-14 CVE-2020-5260 Insufficiently Protected Credentials vulnerability in multiple products
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker.
7.5
2020-02-12 CVE-2014-9390 Improper Input Validation vulnerability in multiple products
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
network
low complexity
git-scm mercurial apple eclipse libgit2 CWE-20
7.5
2020-01-24 CVE-2019-1353 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
network
low complexity
git-scm opensuse
critical
9.8
2020-01-24 CVE-2019-1348 An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
local
low complexity
git-scm opensuse
3.3
2019-12-18 CVE-2019-1387 Unspecified vulnerability in Git-Scm GIT
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
network
low complexity
git-scm
8.8