Security: git/git
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Newline confusion in credential helpers can lead to credential exfiltration (GHSA-r5ph-xg7q-xfrp), published Jan 14, 2025 by dscho. Severity: Low
- The sideband payload is passed unfiltered to the terminal (GHSA-7jjc-gg6m-3329), published Jan 15, 2025 by dscho. Severity: High
- Git does not neutralize control sequences in account names when asking for credentials interactively (GHSA-hmg8-h7qf-7cxr), published Jan 14, 2025 by dscho. Severity: Low
- Protections for cloning untrusted repositories can be bypassed (GHSA-vm9j-46j9-qvq4), published May 14, 2024 by dscho. Severity: High
- Cloning local repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will (GHSA-5rfh-556j-fhgj), published May 14, 2024 by dscho. Severity: Low
- Local clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory (GHSA-mvxm-9j2h-qjx7), published May 14, 2024 by dscho. Severity: Low
- Remote Code Execution while cloning special-crafted local repositories (GHSA-xfc6-vwr8-r389), published May 14, 2024 by dscho. Severity: High
- Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution (GHSA-8h77-4q3w-gfgv), published May 14, 2024 by dscho. Severity: Critical
- Arbitrary configuration injection via `git submodule deinit` (GHSA-v48j-4xgg-4844), published Apr 25, 2023 by ttaylorr. Severity: High
- "git apply --reject" partially-controlled arbitrary file write (GHSA-2hvf-7c8p-28fx), published Apr 25, 2023 by ttaylorr. Severity: Moderate