
git scm git

71 known vulnerabilities across versions.
Vulnerabilities are listed by affected version. Each entry gives the CVE identifier, the affected version range as recorded by the site, the score and severity rating where one is listed, and the opening of the vulnerability description.
CVE-2025-66413 | <= 2.53.0 | 7.4 HIGH
Git for Windows is the Windows port of Git. Prior to 2.53.0(2), it is possible to obtain a user's NTLM hash by tricking them into

CVE-2025-48384 | < 2.43.7 | 8.0 HIGH
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level oper

CVE-2024-52005 | <= 2.40.4 | 8.8 HIGH
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are tr

CVE-2024-52006 | < 2.40.4 | 7.5 HIGH
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level oper

CVE-2024-50349 | < 2.40.4 | 4.7 MEDIUM
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level oper

CVE-2024-32465 | < 2.39.4 | 7.3 HIGH
Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it f

CVE-2024-32021 | < 2.39.4 | 3.9 LOW
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a loc

CVE-2024-32020 | < 2.39.4 | 3.9 LOW
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may e

CVE-2024-32004 | < 2.39.4 | 8.1 HIGH
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can pr

CVE-2024-32002 | < 2.39.4 | 9.0 CRITICAL
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with

CVE-2023-29007 | < 2.30.9 | 7.0 HIGH
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3

CVE-2023-25652 | < 2.30.9 | 7.5 HIGH
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3

CVE-2023-23946 | < 2.30.8 | 6.2 MEDIUM
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7,

CVE-2023-22490 | < 2.30.8 | 5.5 MEDIUM
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35

CVE-2022-41903 | <= 2.30.6 | 9.8 CRITICAL
Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers.

CVE-2022-23521 | <= 2.30.6 | 9.8 CRITICAL
Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes

CVE-2022-41953 | < 2.39.1 | 8.6 HIGH
Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with us

CVE-2022-39260 | < 2.30.6 | 8.5 HIGH
Git is an open source, scalable, distributed revision control system. git shell is a restricted login shell that can be used to

CVE-2022-39253 | < 2.30.6 | 5.5 MEDIUM
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.

CVE-2022-38663 | <= 4.11.4 | 6.5 MEDIUM
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided

CVE-2022-36884 | <= 4.11.3 | 5.3 MEDIUM
The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of

CVE-2022-36883 | <= 4.11.3 | 7.5 HIGH
A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs con

CVE-2022-36882 | <= 4.11.3 | 8.8 HIGH
A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of j

CVE-2022-31012 | < 2.37.1 | 8.2 HIGH
Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability in versions prior to 2.37.1 lets Git f

CVE-2022-29187 | >= 2.30.3 and < 2.30.5 | 7.8 HIGH
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.

CVE-2022-30947 | < 4.11.2 | 7.5 HIGH
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on th

CVE-2022-25648 | < 1.11.0 | 8.1 HIGH
The package git before 1.11.0 is vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'ori

CVE-2022-24765 | < 2.35.2 | 6.0 MEDIUM
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machi

CVE-2021-23632 | <= 0.1.5 | 6.6 MEDIUM
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which

CVE-2022-24975 | <= 2.35.1 | 7.5 HIGH
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.

CVE-2021-46101 | <= 2.34.1 | 7.5 HIGH
In Git for Windows through 2.34.1, when using git pull to update the local repository, git.cmd can be run directly.

CVE-2021-34599 | < 1.1.0.0 | 7.4 HIGH
Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does n

CVE-2021-21684 | <= 4.8.2 | 6.1 MEDIUM
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displ

CVE-2021-40330 | < 2.30.1 | 7.5 HIGH
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in une

CVE-2021-29468 | <= 2.31.1-1 | 8.8 HIGH
Cygwin Git is a patch set for the git command line tool for the Cygwin environment. A specially crafted repository that contains s

CVE-2021-21300 | <= 2.14.2 | 8.0 HIGH
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contain

CVE-2020-11008 | < 2.17.5 | 4.0 MEDIUM
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by

CVE-2020-5260 | >= 2.18.0 and < 2.18.3 | 9.3 CRITICAL
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by

CVE-2020-2136 | <= 4.2.0 | 5.4 MEDIUM
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validat

CVE-2014-9390 | < 1.8.5.6 | 9.8 CRITICAL
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercur

CVE-2019-1353 | >= 2.14.0 and < 2.14.6 | 9.8 CRITICAL
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.

CVE-2019-1348 | >= 2.14.0 and < 2.14.6 | 3.3 LOW
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.

CVE-2019-1387 | >= 2.14.0 and < 2.14.6 | 8.8 HIGH
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.

CVE-2019-19604 | < 2.20.0 | 7.8 HIGH
Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, an

CVE-2019-1003010 | <= 3.9.1 | 4.3 MEDIUM
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitT

CVE-2018-19486 | < 2.19.2 | 9.8 CRITICAL
Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in c

CVE-2018-17456 | >= 2.14.0 and < 2.14.5 | 9.8 CRITICAL
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.

CVE-2018-1000182 | <= 3.9.0 | 6.4 MEDIUM
A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBro

CVE-2018-11235 | <= 2.13.6 | 7.8 HIGH
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code exec

CVE-2018-11233 | <= 2.13.6 | 7.5 HIGH
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-c

CVE-2018-1000110 | <= 3.7.0 | 5.3 MEDIUM
An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an at

CVE-2018-1000021 | <= 2.15.1 | 5.0 MEDIUM
GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including mes

CVE-2017-15298 | <= 2.14.2 | 5.5 MEDIUM
Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumpti

CVE-2017-1000117 | <= 2.7.5 | 8.8 HIGH
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result i

CVE-2017-1000092 | all versions | 7.5 HIGH
Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins bu

CVE-2017-14867 | <= 2.10.4 | 8.8 HIGH
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scr

CVE-2017-8386 | all versions | 8.8 HIGH
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4

CVE-2014-9938 | < 1.9.3 | 8.8 HIGH
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repo

CVE-2015-7545 | <= 2.3.9 | 9.8 CRITICAL
The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.

CVE-2016-2324 | <= 2.7.3 | 9.8 CRITICAL
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested

CVE-2016-2315 | all versions | 9.8 CRITICAL
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a

CVE-2015-7082 | <= 2.5.3 | (score not listed)
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vector

CVE-2013-0308 | <= 1.8.1.3 | (score not listed)
The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common

CVE-2010-3906 | <= 1.7.3.3 | (score not listed)
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or H

CVE-2010-2542 | < 1.7.2.1 | (score not listed)
Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privilege

CVE-2009-2108 | all versions | (score not listed)
git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) v

CVE-2008-5916 | all versions | (score not listed)
gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x before 1.5.6.6, 1.5.5.x before 1.5.5.6, 1.5.4.x before 1.5.4.7,

CVE-2008-5516 | all versions | (score not listed)
The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacter

CVE-2008-5517 | all versions | (score not listed)
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacter

CVE-2008-3546 | all versions | (score not listed)
Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users

CVE-2006-0477 | all versions | (score not listed)
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin