Every CVE whose affected-product data names Git, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2020-5260 — CVSS 9.3 (critical): Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an…
CVE-2024-32002 — CVSS 9.0 (critical): Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with…
CVE-2024-52005 — CVSS 8.8 (high): Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported…
CVE-2022-25648 — CVSS 8.1 (high): The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin'…
CVE-2006-0477 — CVSS 7.5 (high): Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long…
CVE-2008-3546 — CVSS 7.5 (high): Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to…
CVE-2008-5516 — CVSS 7.5 (high): The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related…
CVE-2008-5517 — CVSS 7.5 (high): The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related…
CVE-2024-52006 — CVSS 7.5 (high): Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations…
CVE-2009-2108 — CVSS 5.0 (medium): git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a…
CVE-2024-50349 — CVSS 4.7 (medium): Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations…
CVE-2008-5916 — CVSS 4.6 (medium): gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7, and other…
CVE-2010-3906 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via…