
Git — Vulnerabilities & Security Advisories 38

All 38 CVE vulnerabilities found in Git, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities for the open-source version control system developed by the Git project maintainers, specifically focusing on Common Weakness Enumeration classifications. It aggregates a comprehensive list of reported flaws and associated advisories spanning from the early days of the platform’s public release up to the most recent security disclosures in 2024. By centralizing this data, the resource enables developers and security analysts to track a vendor’s advisory timeline, understand specific weakness classes affecting source code management tools, and examine the historical vulnerability trajectory of the product. The collected information includes details on remote code execution risks, authentication bypasses, and buffer overflow issues that have impacted Git versions over the years. This structured approach allows users to quickly identify critical patches, review remediation steps recommended by the core team, and assess the overall security posture of their deployment environments. The content is strictly factual, providing technical context for each finding without promotional commentary or unnecessary editorializing. Readers can utilize this collection to perform risk assessments, compare similar products, and stay informed about emerging threats relevant to distributed version control infrastructure. The page serves as a reference point for integrating Git into secure development lifecycles by highlighting past incidents and their resolutions.

Vendor: Microsoft Corporation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32631 | Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers | CWE-200 | 7.4 | High | 2026-04-15 |
| CVE-2025-66413 | Git for Windows leaks NTLM hash when cloning from an attacker-controlled server | CWE-200 | 7.4 | High | 2026-03-10 |
| CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | CWE-436 | 8.1 | High | 2025-07-08 |
| CVE-2025-48385 | Git allows arbitrary file writes via bundle-uri parameter injection | CWE-88 | 8.8 | - | 2025-07-08 |
| CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | CWE-120 | 6.3 | Medium | 2025-07-08 |
| CVE-2024-52005 | The sideband payload is passed unfiltered to the terminal in git | CWE-116 | 8.2 | - | 2025-01-15 |
| CVE-2024-50349 | Git does not sanitize URLs when asking for credentials interactively | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-52006 | Newline confusion in credential helpers can lead to credential exfiltration in git | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-32465 | Git's protections for cloning untrusted repositories can be bypassed | CWE-22 | 7.4 | High | 2024-05-14 |
| CVE-2024-32021 | Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory | CWE-547 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32020 | Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will | CWE-281 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32004 | Git vulnerable to Remote Code Execution while cloning special-crafted local repositories | CWE-114 | 8.2 | High | 2024-05-14 |
| CVE-2024-32002 | Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | CWE-22 | 9.1 | Critical | 2024-05-14 |
| CVE-2023-29012 | Git CMD erroneously executes `doskey.exe` in the current directory, if it exists | CWE-427 | 7.3 | High | 2023-04-25 |
| CVE-2023-29011 | Git for Windows's config file of `connect.exe` is susceptible to malicious placing | CWE-427 | 7.6 | High | 2023-04-25 |
| CVE-2023-29007 | Arbitrary configuration injection via `git submodule deinit` | CWE-74 | 7.0 | High | 2023-04-25 |
| CVE-2023-25815 | Git looks for localized messages in the wrong place | CWE-22 | 3.3 | Low | 2023-04-25 |
| CVE-2023-25652 | "git apply --reject" partially-controlled arbitrary file write | CWE-22 | 7.5 | High | 2023-04-25 |
| CVE-2023-22743 | Git for Windows' installer is susceptible to DLL side loading attacks | CWE-426 | 7.3 | High | 2023-02-14 |
| CVE-2023-23618 | gitk can inadvertently call executables in the worktree | CWE-426 | 8.6 | High | 2023-02-14 |
| CVE-2023-23946 | Git's `git apply` overwriting paths outside the working tree | CWE-22 | 6.2 | Medium | 2023-02-14 |
| CVE-2023-22490 | Git vulnerable to local clone-based data exfiltration with non-local transports | CWE-59 | 5.5 | Medium | 2023-02-14 |
| CVE-2022-23521 | gitattributes parsing integer overflow in git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-41903 | Integer overflow in `git archive`, `git log --format` leading to RCE in git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-41953 | Git clone remote code execution vulnerability in git-for-windows | CWE-426 | 8.6 | High | 2023-01-17 |
| CVE-2022-39260 | Git vulnerable to Remote Code Execution via Heap overflow in `git shell` | CWE-787 | 8.5 | High | 2022-10-19 |
| CVE-2022-39253 | Git subject to exposure of sensitive information via local clone of symbolic links | CWE-200 | 5.5 | Medium | 2022-10-19 |
| CVE-2022-31012 | Git for Windows' installer can be tricked into executing an untrusted binary | CWE-426 | 8.2 | High | 2022-07-12 |
| CVE-2022-29187 | Bypass of safe.directory protections in Git | CWE-282 | 7.8 | High | 2022-07-12 |
| CVE-2022-25648 | Command Injection | | 8.1 | High | 2022-04-19 |
