github.com/git-lfs/git-lfs (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/git-lfs/git-lfs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2022-24826 — CVSS 9.8 (critical): On Windows, if Git LFS operates on a malicious repository with a `..exe` file as well as a file named `git.exe`, and `git.exe` is not found…
CVE-2017-17831 — CVSS 8.8 (high): GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the…
CVE-2025-26625: Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working…
CVE-2024-53263: Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of…
CVE-2021-21237 — CVSS 7.2 (high): Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a…