pkg:Debian/git

All known vulnerabilities

• HIGH8.0CVE-2025-48384⚠ KEVGit allows arbitrary code execution through broken config quoting
  from 0, < 1:2.30.2-1+deb11u5
• CRITICAL9.8CVE-2022-41903Git is distributed revision control system.
  from 0, < 1:2.30.2-1+deb11u1
• CRITICAL9.8git - security update
  from 0, < 1:2.20.1-2+deb10u7
• CRITICAL9.8git - security update
  from 0, < 1:2.30.2-1+deb11u1
• CRITICAL9.8git - security update
  from 0, < 1:2.30.2-1+deb11u1
• CRITICAL9.8mercurial - security update
  from 0, < 1:2.1.4-1
• CRITICAL9.8An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
  from 0, < 1:2.24.0-2
• CRITICAL9.8Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain ca…
  from 0, < 1:2.19.2-1
• CRITICAL9.8git - security update
  from 0, < 1:2.1.4-2.1+deb8u7
• CRITICAL9.8git - security update
  from 0, < 1:2.19.1-1
• CRITICAL9.8git - security update
  from 0, < 1:2.11.0-3+deb9u4
• CRITICAL9.8git - security update
  from 0, < 1:2.6.1-1
• CRITICAL9.8git - security update
  from 0, < 1:1.7.10.4-1+wheezy2
• CRITICAL9.8Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, wh…
  from 0, < 1:2.8.0~rc3-1
• CRITICAL9.8git - security update
  from 0, < 1:2.7.0-1
• CRITICAL9.8git - security update
  from 0, < 1:1.7.10.4-1+wheezy3
• CRITICAL9.0Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
  from 0, < 1:2.30.2-1+deb11u3
• HIGH8.8The sideband payload is passed unfiltered to the terminal in git
  from 0
• HIGH8.8Git is an open source, scalable, distributed revision control system.
  from 0, < 1:2.30.2-1+deb11u1
• HIGH8.8A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
  from 0, < 1:2.24.0-2
• HIGH8.8A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
  from 0, < 1:2.24.0-2
• HIGH8.8A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
  from 0, < 1:2.24.0-2
• HIGH8.8A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
  from 0, < 1:2.24.0-2
• HIGH8.8git - security update
  from 0, < 1:2.30.2-1+deb11u3
• HIGH8.8git - security update
  from 0, < 1:2.30.2-1+deb11u3
• HIGH8.8git - security update
  from 0, < 1:2.20.1-2+deb10u9
• HIGH8.8git - security update
  from 0, < 1:2.1.4-2.1+deb8u4
• HIGH8.8git - security update
  from 0, < 1:2.14.1-1
• HIGH8.8git - security update
  from 0, < 1:1.7.10.4-1+wheezy5
• HIGH8.8git - security update
  from 0, < 1:2.14.2-1
• HIGH8.8git - security update
  from 0, < 1:2.1.4-2.1+deb8u5
• HIGH8.8git - security update
  from 0, < 1:1.7.10.4-1+wheezy6
• HIGH8.8git - security update
  from 0, < 1:2.1.4-2.1+deb8u3
• HIGH8.8git - security update
  from 0, < 1:2.11.0-3
• HIGH8.8git - security update
  from 0, < 1:1.7.10.4-1+wheezy4
• HIGH8.8contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to…
  from 0, < 1:2.0.0~rc2-1
• HIGH8.6Gitk is a Tcl/Tk based Git history browser.
  from 0, < 1:2.47.3-0+deb13u1
• HIGH8.5Git GUI allows you to use the Git source control management tools via a GUI.
  from 0, < 1:2.30.2-1+deb11u5
• HIGH7.8Git's protections for cloning untrusted repositories can be bypassed
  from 0, < 1:2.30.2-1+deb11u3
• HIGH7.8Git vulnerable to Remote Code Execution while cloning special-crafted local repositories
  from 0, < 1:2.30.2-1+deb11u3
• HIGH7.8Git is a revision control system.
  from 0, < 1:2.30.2-1+deb11u3
• HIGH7.8Git is a distributed revision control system.
  from 0, < 1:2.30.2-1+deb11u1
• HIGH7.8git - security update
  from 0, < 1:2.20.1-2+deb10u5
• HIGH7.8git - security update
  from 0, < 1:2.30.2-1+deb11u1
• HIGH7.8Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x…
  from 0, < 1:2.24.0-2
• HIGH7.8git - security update
  from 0, < 1:2.17.1-1
• HIGH7.8git - security update
  from 0, < 1:2.1.4-2.1+deb8u6
• HIGH7.5Newline confusion in credential helpers can lead to credential exfiltration in git
  from 0, < 1:2.30.2-1+deb11u4
• HIGH7.5git - security update
  from 0, < 1:2.39.5-0+deb12u1
• HIGH7.5git - security update
  from 0, < 1:2.30.2-1+deb11u3
• HIGH7.5Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2…
  from 0, < 1:2.30.2-1+deb11u2
• HIGH7.5The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.
  from 0
• HIGH7.5git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected c…
  from 0, < 1:2.30.1-1
• HIGH7.5git - security update
  from 0, < 1:2.30.2-1
• HIGH7.5git - security update
  from 0, < 1:2.20.1-2+deb10u4
• HIGH7.5git - security update
  from 0, < 1:2.1.4-2.1+deb8u10
• HIGH7.5git - security update
  from 0, < 1:2.11.0-3+deb9u7
• HIGH7.5git - security update
  from 0, < 1:2.26.2-1
• HIGH7.5git - security update
  from 0, < 1:2.1.4-2.1+deb8u9
• HIGH7.5git - security update
  from 0, < 1:2.26.1-1
• HIGH7.5git - security update
  from 0, < 1:2.11.0-3+deb9u6
• HIGH7.5A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vu…
  from 0, < 1:2.24.0-2
• HIGH7.5In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check path…
  from 0, < 1:2.17.1-1
• HIGH7.1Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
  from 0, < 1:2.30.2-1+deb11u3
• MEDIUM5.5git - security update
  from 0, < 1:2.20.1-2+deb10u8
• MEDIUM5.5git - security update
  from 0, < 1:2.30.2-1+deb11u2
• MEDIUM5.5git - security update
  from 0, < 1:2.30.2-1+deb11u2
• MEDIUM5.5Git is an open source, scalable, distributed revision control system.
  from 0, < 1:2.30.2-1+deb11u1
• MEDIUM5.5Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a…
  from 0, < 1:2.16.1-1
• MEDIUM5.0GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up t…
  from 0
• MEDIUM4.7git - security update
  from 0, < 1:2.39.5-0+deb12u2
• MEDIUM4.7git - security update
  from 0, < 1:2.30.2-1+deb11u4
• MEDIUM4.7git - security update
  from 0, < 1:2.30.2-1+deb11u4
• LOW3.6git - security update
  from 0, < 1:2.30.2-1+deb11u5
• LOW3.6git - security update
  from 0, < 1:2.30.2-1+deb11u5
• LOW3.3Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
  from 0
• LOW3.3git - security update
  from 0, < 1:2.1.4-2.1+deb8u8
• LOW3.3git - security update
  from 0, < 1:2.11.0-3+deb9u5
• LOW3.3git - security update
  from 0, < 1:2.24.0-2
• LOW2.2In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer.
  from 0, < 1:2.30.2-1+deb11u3
• —Git alllows arbitrary file writes via bundle-uri parameter injection
  from 0, < 1:2.39.5-0+deb12u3
• —Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via t…
  from 0, < 1:1.7.2.3-2.2