Every CVE whose affected-product data names Git-scm Git, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (41)
CVE-2018-19486 — CVSS 9.8 (critical): Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain…
CVE-2014-9390 — CVSS 9.8 (critical): Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial…
CVE-2016-2315 — CVSS 9.8 (critical): revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long…
CVE-2016-2324 — CVSS 9.8 (critical): Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees…
CVE-2022-41903 — CVSS 9.8 (critical): Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This…
CVE-2018-17456 — CVSS 9.8 (critical): Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows…
CVE-2019-1353 — CVSS 9.8 (critical): An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6…
CVE-2022-23521 — CVSS 9.8 (critical): Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be…
CVE-2020-5260 — CVSS 9.3 (critical): Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an…
CVE-2019-1387 — CVSS 8.8 (high): An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6…
CVE-2017-14867 — CVSS 8.8 (high): Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to…
CVE-2017-1000117 — CVSS 8.8 (high): A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any…
CVE-2014-9938 — CVSS 8.8 (high): contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to…
CVE-2022-41953 — CVSS 8.6 (high): Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git…
CVE-2022-39260 — CVSS 8.5 (high): Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement…
CVE-2024-32004 — CVSS 8.1 (high): Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a…
CVE-2021-21300 — CVSS 8.0 (high): Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains…
CVE-2018-11235 — CVSS 7.8 (high): In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can…
CVE-2019-19604 — CVSS 7.8 (high): Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x…
CVE-2022-29187 — CVSS 7.8 (high): Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is…
CVE-2008-5516 — CVSS 7.5 (high): The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related…
CVE-2010-2542 — CVSS 7.5 (high): Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a…
CVE-2018-11233 — CVSS 7.5 (high): In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check…
CVE-2021-40330 — CVSS 7.5 (high): git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected…
CVE-2022-24975 — CVSS 7.5 (high): The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This…
CVE-2023-25652 — CVSS 7.5 (high): Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and…
CVE-2024-32465 — CVSS 7.3 (high): Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with…
CVE-2023-29007 — CVSS 7.0 (high): Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and…
CVE-2023-23946 — CVSS 6.2 (medium): Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7…
CVE-2022-24765 — CVSS 6.0 (medium): Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines…
CVE-2017-15298 — CVSS 5.5 (medium): Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a…
CVE-2023-22490 — CVSS 5.5 (medium): Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7…
CVE-2022-39253 — CVSS 5.5 (medium): Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5…
CVE-2018-1000021 — CVSS 5.0 (medium): GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up…
CVE-2010-3906 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2013-0308 — CVSS 4.3 (medium): The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name…
CVE-2020-11008 — CVSS 4.0 (medium): Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an…
CVE-2024-32020 — CVSS 3.9 (low): Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up…
CVE-2024-32021 — CVSS 3.9 (low): Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source…
CVE-2019-1348 — CVSS 3.3 (low): An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The…