
git — Vulnerabilities & Security Advisories 38

All 38 CVE vulnerabilities found in git, with AI-generated Chinese analysis, references, and POCs.

Vendor: Microsoft Corporation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32631 | Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers | CWE-200 | 7.4 | High | 2026-04-15 |
| CVE-2025-66413 | Git for Windows leaks NTLM hash when cloning from an attacker-controlled server | CWE-200 | 7.4 | High | 2026-03-10 |
| CVE-2025-48384 | Git allows arbitrary code execution through broken config quoting | CWE-436 | 8.1 | High | 2025-07-08 |
| CVE-2025-48385 | Git allows arbitrary file writes via bundle-uri parameter injection | CWE-88 | 8.8 | - | 2025-07-08 |
| CVE-2025-48386 | Git allows a buffer overflow in 'wincred' credential helper | CWE-120 | 6.3 | Medium | 2025-07-08 |
| CVE-2024-52005 | The sideband payload is passed unfiltered to the terminal in git | CWE-116 | 8.2 | - | 2025-01-15 |
| CVE-2024-50349 | Git does not sanitize URLs when asking for credentials interactively | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-52006 | Newline confusion in credential helpers can lead to credential exfiltration in git | CWE-116 | 8.8 | - | 2025-01-14 |
| CVE-2024-32465 | Git's protections for cloning untrusted repositories can be bypassed | CWE-22 | 7.4 | High | 2024-05-14 |
| CVE-2024-32021 | Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory | CWE-547 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32020 | Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will | CWE-281 | 3.9 | Low | 2024-05-14 |
| CVE-2024-32004 | Git vulnerable to Remote Code Execution while cloning special-crafted local repositories | CWE-114 | 8.2 | High | 2024-05-14 |
| CVE-2024-32002 | Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution | CWE-22 | 9.1 | Critical | 2024-05-14 |
| CVE-2023-29012 | Git CMD erroneously executes `doskey.exe` in the current directory, if it exists | CWE-427 | 7.3 | High | 2023-04-25 |
| CVE-2023-29011 | Git for Windows's config file of `connect.exe` is susceptible to malicious placing | CWE-427 | 7.6 | High | 2023-04-25 |
| CVE-2023-29007 | Arbitrary configuration injection via `git submodule deinit` | CWE-74 | 7.0 | High | 2023-04-25 |
| CVE-2023-25815 | Git looks for localized messages in the wrong place | CWE-22 | 3.3 | Low | 2023-04-25 |
| CVE-2023-25652 | "git apply --reject" partially-controlled arbitrary file write | CWE-22 | 7.5 | High | 2023-04-25 |
| CVE-2023-22743 | Git for Windows' installer is susceptible to DLL side loading attacks | CWE-426 | 7.3 | High | 2023-02-14 |
| CVE-2023-23618 | gitk can inadvertently call executables in the worktree | CWE-426 | 8.6 | High | 2023-02-14 |
| CVE-2023-23946 | Git's `git apply` overwriting paths outside the working tree | CWE-22 | 6.2 | Medium | 2023-02-14 |
| CVE-2023-22490 | Git vulnerable to local clone-based data exfiltration with non-local transports | CWE-59 | 5.5 | Medium | 2023-02-14 |
| CVE-2022-23521 | gitattributes parsing integer overflow in git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-41903 | Integer overflow in `git archive`, `git log --format` leading to RCE in git | CWE-190 | 9.8 | Critical | 2023-01-17 |
| CVE-2022-41953 | Git clone remote code execution vulnerability in git-for-windows | CWE-426 | 8.6 | High | 2023-01-17 |
| CVE-2022-39260 | Git vulnerable to Remote Code Execution via Heap overflow in `git shell` | CWE-787 | 8.5 | High | 2022-10-19 |
| CVE-2022-39253 | Git subject to exposure of sensitive information via local clone of symbolic links | CWE-200 | 5.5 | Medium | 2022-10-19 |
| CVE-2022-31012 | Git for Windows' installer can be tricked into executing an untrusted binary | CWE-426 | 8.2 | High | 2022-07-12 |
| CVE-2022-29187 | Bypass of safe.directory protections in Git | CWE-282 | 7.8 | High | 2022-07-12 |
| CVE-2022-25648 | Command Injection | | 8.1 | High | 2022-04-19 |
