Look up vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
Type deb
Namespace debian
Name golang-github-go-git-go-git
Version 5.14.0-1
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.17.0-1
Latest_non_vulnerable_version 5.19.1-1
Affected_by_vulnerabilities
0
url VCID-gn1a-zd3y-k3hu
vulnerability_id VCID-gn1a-zd3y-k3hu
summary go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in single quotes without escaping single quotes embedded inside the path. A repository path containing a single quote can therefore break out of the quoted region in the exec command and be appended as additional shell tokens. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45570
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.0383
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45570
1
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45570
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45570
3
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-m7cr-m3pv-hgrp
reference_id GHSA-m7cr-m3pv-hgrp
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T15:11:53Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-m7cr-m3pv-hgrp
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-45570, GHSA-m7cr-m3pv-hgrp
risk_score 1.1
exploitability 0.5
weighted_severity 2.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gn1a-zd3y-k3hu
1
url VCID-hz4m-zckh-p7f8
vulnerability_id VCID-hz4m-zckh-p7f8
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41506.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41506.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41506
reference_id
reference_type
scores
0
value 0.00082
scoring_system epss
scoring_elements 0.24121
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41506
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41506
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41506
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136095
reference_id 1136095
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136095
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2468126
reference_id 2468126
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2468126
7
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963
reference_id GHSA-3xc5-wrhm-f963
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:50:31Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963
8
reference_url https://access.redhat.com/errata/RHSA-2026:17669
reference_id RHSA-2026:17669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:17669
9
reference_url https://github.com/go-git/go-git/releases/tag/v5.18.0
reference_id v5.18.0
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:50:31Z/
url https://github.com/go-git/go-git/releases/tag/v5.18.0
10
reference_url https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2
reference_id v6.0.0-alpha.2
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:50:31Z/
url https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-41506, GHSA-3xc5-wrhm-f963
risk_score 2.1
exploitability 0.5
weighted_severity 4.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz4m-zckh-p7f8
2
url VCID-kwgg-vwce-y3dc
vulnerability_id VCID-kwgg-vwce-y3dc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25934.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25934.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25934
reference_id
reference_type
scores
0
value 8e-05
scoring_system epss
scoring_elements 0.00825
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25934
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-25934
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-25934
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127844
reference_id 1127844
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127844
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2438332
reference_id 2438332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2438332
7
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3
reference_id GHSA-37cx-329c-33x3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:23:04Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3
8
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
9
reference_url https://github.com/go-git/go-git/releases/tag/v5.16.5
reference_id v5.16.5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:23:04Z/
url https://github.com/go-git/go-git/releases/tag/v5.16.5
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-25934, GHSA-37cx-329c-33x3
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kwgg-vwce-y3dc
3
url VCID-mbh9-auce-33gf
vulnerability_id VCID-mbh9-auce-33gf
summary go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, in order to create or alter existing .idx files. This issue has been patched in version 5.17.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34165.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34165.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34165
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00408
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34165
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34165
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34165
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132584
reference_id 1132584
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132584
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453379
reference_id 2453379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453379
6
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp
reference_id GHSA-jhf3-xxhw-2wpp
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:09:59Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp
7
reference_url https://github.com/go-git/go-git/releases/tag/v5.17.1
reference_id v5.17.1
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T15:09:59Z/
url https://github.com/go-git/go-git/releases/tag/v5.17.1
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-34165, GHSA-jhf3-xxhw-2wpp
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbh9-auce-33gf
4
url VCID-p4km-wb9b-r3ar
vulnerability_id VCID-p4km-wb9b-r3ar
summary go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. This vulnerability is fixed in 5.19.1 and 6.0.0-alpha.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45571
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02511
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45571
1
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45571
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45571
3
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96
reference_id GHSA-crhj-59gh-8x96
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T16:03:19Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-45571, GHSA-crhj-59gh-8x96
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4km-wb9b-r3ar
5
url VCID-qcux-1yn7-8ucy
vulnerability_id VCID-qcux-1yn7-8ucy
summary go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally, go-git’s commit signing and verification logic operates over commit data reconstructed from go-git’s parsed representation rather than the original raw object bytes. As a result, go-git may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository. This can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed. This vulnerability is fixed in 5.19.0 and 6.0.0-alpha.3.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45022
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00365
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45022
1
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45022
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45022
3
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp
reference_id GHSA-389r-gv7p-r3rp
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
1
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-27T15:42:45Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-45022, GHSA-389r-gv7p-r3rp
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcux-1yn7-8ucy
6
url VCID-w6zy-eyzn-k3be
vulnerability_id VCID-w6zy-eyzn-k3be
summary go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing. This issue only affects Git index format version 4. Earlier formats (go-git supports only v2 and v3) are not vulnerable to this issue. This issue has been patched in version 5.17.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33762.json
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33762.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33762
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00422
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33762
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33762
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33762
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132584
reference_id 1132584
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132584
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453382
reference_id 2453382
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453382
6
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8
reference_id GHSA-gm2x-2g9h-ccm8
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:26Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8
7
reference_url https://github.com/go-git/go-git/releases/tag/v5.17.1
reference_id v5.17.1
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T18:50:26Z/
url https://github.com/go-git/go-git/releases/tag/v5.17.1
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.17.1-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2026-33762, GHSA-gm2x-2g9h-ccm8
risk_score 1.2
exploitability 0.5
weighted_severity 2.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6zy-eyzn-k3be
Fixing_vulnerabilities
0
url VCID-2dvh-vfqu-qbe9
vulnerability_id VCID-2dvh-vfqu-qbe9
summary
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved.

Applications are only affected if they are using the ChrootOS filesystem (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue.
This is a go-git implementation issue and does not affect the upstream git cli.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49569.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49569
reference_id
reference_type
scores
0
value 0.04027
scoring_system epss
scoring_elements 0.88743
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49569
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49569
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49569
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id 1060701
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2258143
reference_id 2258143
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2258143
6
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
reference_id GHSA-449p-3h89-pw88
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-18T19:36:00Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88
7
reference_url https://access.redhat.com/errata/RHSA-2023:7197
reference_id RHSA-2023:7197
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7197
8
reference_url https://access.redhat.com/errata/RHSA-2023:7198
reference_id RHSA-2023:7198
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7198
9
reference_url https://access.redhat.com/errata/RHSA-2024:0040
reference_id RHSA-2024:0040
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0040
10
reference_url https://access.redhat.com/errata/RHSA-2024:0041
reference_id RHSA-2024:0041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0041
11
reference_url https://access.redhat.com/errata/RHSA-2024:0298
reference_id RHSA-2024:0298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0298
12
reference_url https://access.redhat.com/errata/RHSA-2024:0641
reference_id RHSA-2024:0641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0641
13
reference_url https://access.redhat.com/errata/RHSA-2024:0642
reference_id RHSA-2024:0642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0642
14
reference_url https://access.redhat.com/errata/RHSA-2024:0692
reference_id RHSA-2024:0692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0692
15
reference_url https://access.redhat.com/errata/RHSA-2024:0735
reference_id RHSA-2024:0735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0735
16
reference_url https://access.redhat.com/errata/RHSA-2024:0740
reference_id RHSA-2024:0740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0740
17
reference_url https://access.redhat.com/errata/RHSA-2024:0741
reference_id RHSA-2024:0741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0741
18
reference_url https://access.redhat.com/errata/RHSA-2024:0832
reference_id RHSA-2024:0832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0832
19
reference_url https://access.redhat.com/errata/RHSA-2024:0833
reference_id RHSA-2024:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0833
20
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
21
reference_url https://access.redhat.com/errata/RHSA-2024:0845
reference_id RHSA-2024:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0845
22
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
23
reference_url https://access.redhat.com/errata/RHSA-2024:0989
reference_id RHSA-2024:0989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0989
24
reference_url https://access.redhat.com/errata/RHSA-2024:1052
reference_id RHSA-2024:1052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1052
25
reference_url https://access.redhat.com/errata/RHSA-2024:1549
reference_id RHSA-2024:1549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1549
26
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
27
reference_url https://access.redhat.com/errata/RHSA-2024:1891
reference_id RHSA-2024:1891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1891
28
reference_url https://access.redhat.com/errata/RHSA-2024:1896
reference_id RHSA-2024:1896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1896
29
reference_url https://access.redhat.com/errata/RHSA-2024:2047
reference_id RHSA-2024:2047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2047
30
reference_url https://access.redhat.com/errata/RHSA-2024:2633
reference_id RHSA-2024:2633
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2633
31
reference_url https://access.redhat.com/errata/RHSA-2024:3925
reference_id RHSA-2024:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3925
32
reference_url https://access.redhat.com/errata/RHSA-2024:4118
reference_id RHSA-2024:4118
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4118
33
reference_url https://access.redhat.com/errata/RHSA-2024:5013
reference_id RHSA-2024:5013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5013
34
reference_url https://access.redhat.com/errata/RHSA-2024:6221
reference_id RHSA-2024:6221
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6221
35
reference_url https://access.redhat.com/errata/RHSA-2024:8425
reference_id RHSA-2024:8425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8425
36
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gn1a-zd3y-k3hu
1
vulnerability VCID-hz4m-zckh-p7f8
2
vulnerability VCID-kwgg-vwce-y3dc
3
vulnerability VCID-mbh9-auce-33gf
4
vulnerability VCID-p4km-wb9b-r3ar
5
vulnerability VCID-qcux-1yn7-8ucy
6
vulnerability VCID-w6zy-eyzn-k3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2023-49569, GHSA-449p-3h89-pw88
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dvh-vfqu-qbe9
1
url VCID-2v1x-gbb2-yucs
vulnerability_id VCID-2v1x-gbb2-yucs
summary go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients. Users running go-git v4 or later are advised to upgrade to v5.13 to mitigate this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21614.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21614.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-21614
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44962
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-21614
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-21614
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-21614
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092679
reference_id 1092679
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092679
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2335901
reference_id 2335901
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2335901
6
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
reference_id GHSA-r9px-m959-cxf4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T16:34:38Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
7
reference_url https://access.redhat.com/errata/RHSA-2024:6122
reference_id RHSA-2024:6122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6122
8
reference_url https://access.redhat.com/errata/RHSA-2025:0401
reference_id RHSA-2025:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0401
9
reference_url https://access.redhat.com/errata/RHSA-2025:0444
reference_id RHSA-2025:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0444
10
reference_url https://access.redhat.com/errata/RHSA-2025:0445
reference_id RHSA-2025:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0445
11
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
12
reference_url https://access.redhat.com/errata/RHSA-2025:0662
reference_id RHSA-2025:0662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0662
13
reference_url https://access.redhat.com/errata/RHSA-2025:0907
reference_id RHSA-2025:0907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0907
14
reference_url https://access.redhat.com/errata/RHSA-2025:1119
reference_id RHSA-2025:1119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1119
15
reference_url https://access.redhat.com/errata/RHSA-2025:1334
reference_id RHSA-2025:1334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1334
16
reference_url https://access.redhat.com/errata/RHSA-2025:1468
reference_id RHSA-2025:1468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1468
17
reference_url https://access.redhat.com/errata/RHSA-2025:1704
reference_id RHSA-2025:1704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1704
18
reference_url https://access.redhat.com/errata/RHSA-2025:1869
reference_id RHSA-2025:1869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1869
19
reference_url https://access.redhat.com/errata/RHSA-2025:1870
reference_id RHSA-2025:1870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1870
20
reference_url https://access.redhat.com/errata/RHSA-2025:1888
reference_id RHSA-2025:1888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1888
21
reference_url https://access.redhat.com/errata/RHSA-2025:3069
reference_id RHSA-2025:3069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3069
22
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gn1a-zd3y-k3hu
1
vulnerability VCID-hz4m-zckh-p7f8
2
vulnerability VCID-kwgg-vwce-y3dc
3
vulnerability VCID-mbh9-auce-33gf
4
vulnerability VCID-p4km-wb9b-r3ar
5
vulnerability VCID-qcux-1yn7-8ucy
6
vulnerability VCID-w6zy-eyzn-k3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2025-21614, GHSA-r9px-m959-cxf4
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2v1x-gbb2-yucs
2
url VCID-53cp-dtce-9fas
vulnerability_id VCID-53cp-dtce-9fas
summary
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server that trigger resource exhaustion in go-git clients.

Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability.
This is a go-git implementation issue and does not affect the upstream git CLI.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49568.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49568
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29382
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49568
2
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49568
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49568
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
reference_id 1060701
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060701
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2258165
reference_id 2258165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2258165
6
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
reference_id GHSA-mw99-9chc-xw7r
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-12T18:15:52Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r
7
reference_url https://access.redhat.com/errata/RHSA-2024:0298
reference_id RHSA-2024:0298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0298
8
reference_url https://access.redhat.com/errata/RHSA-2024:0641
reference_id RHSA-2024:0641
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0641
9
reference_url https://access.redhat.com/errata/RHSA-2024:0642
reference_id RHSA-2024:0642
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0642
10
reference_url https://access.redhat.com/errata/RHSA-2024:0691
reference_id RHSA-2024:0691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0691
11
reference_url https://access.redhat.com/errata/RHSA-2024:0692
reference_id RHSA-2024:0692
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0692
12
reference_url https://access.redhat.com/errata/RHSA-2024:0735
reference_id RHSA-2024:0735
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0735
13
reference_url https://access.redhat.com/errata/RHSA-2024:0740
reference_id RHSA-2024:0740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0740
14
reference_url https://access.redhat.com/errata/RHSA-2024:0741
reference_id RHSA-2024:0741
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0741
15
reference_url https://access.redhat.com/errata/RHSA-2024:0832
reference_id RHSA-2024:0832
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0832
16
reference_url https://access.redhat.com/errata/RHSA-2024:0833
reference_id RHSA-2024:0833
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0833
17
reference_url https://access.redhat.com/errata/RHSA-2024:0843
reference_id RHSA-2024:0843
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0843
18
reference_url https://access.redhat.com/errata/RHSA-2024:0845
reference_id RHSA-2024:0845
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0845
19
reference_url https://access.redhat.com/errata/RHSA-2024:0880
reference_id RHSA-2024:0880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0880
20
reference_url https://access.redhat.com/errata/RHSA-2024:0989
reference_id RHSA-2024:0989
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0989
21
reference_url https://access.redhat.com/errata/RHSA-2024:1052
reference_id RHSA-2024:1052
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1052
22
reference_url https://access.redhat.com/errata/RHSA-2024:1557
reference_id RHSA-2024:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1557
23
reference_url https://access.redhat.com/errata/RHSA-2024:1570
reference_id RHSA-2024:1570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1570
24
reference_url https://access.redhat.com/errata/RHSA-2024:1887
reference_id RHSA-2024:1887
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1887
25
reference_url https://access.redhat.com/errata/RHSA-2024:1891
reference_id RHSA-2024:1891
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1891
26
reference_url https://access.redhat.com/errata/RHSA-2024:1896
reference_id RHSA-2024:1896
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1896
27
reference_url https://access.redhat.com/errata/RHSA-2024:2047
reference_id RHSA-2024:2047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2047
28
reference_url https://access.redhat.com/errata/RHSA-2024:3889
reference_id RHSA-2024:3889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3889
29
reference_url https://access.redhat.com/errata/RHSA-2024:3925
reference_id RHSA-2024:3925
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3925
30
reference_url https://access.redhat.com/errata/RHSA-2024:4010
reference_id RHSA-2024:4010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4010
31
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.11.0-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gn1a-zd3y-k3hu
1
vulnerability VCID-hz4m-zckh-p7f8
2
vulnerability VCID-kwgg-vwce-y3dc
3
vulnerability VCID-mbh9-auce-33gf
4
vulnerability VCID-p4km-wb9b-r3ar
5
vulnerability VCID-qcux-1yn7-8ucy
6
vulnerability VCID-w6zy-eyzn-k3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2023-49568, GHSA-mw99-9chc-xw7r
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53cp-dtce-9fas
3
url VCID-maq7-8qrw-tqe1
vulnerability_id VCID-maq7-8qrw-tqe1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21613.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21613.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-21613
reference_id
reference_type
scores
0
value 0.03834
scoring_system epss
scoring_elements 0.88421
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-21613
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-git/go-git
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/go-git/go-git
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-21613
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-21613
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092678
reference_id 1092678
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1092678
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2335888
reference_id 2335888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2335888
7
reference_url https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
reference_id GHSA-v725-9546-7q7m
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear
2
value 9.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-06T16:38:34Z/
url https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
8
reference_url https://access.redhat.com/errata/RHSA-2024:6122
reference_id RHSA-2024:6122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6122
9
reference_url https://access.redhat.com/errata/RHSA-2025:0401
reference_id RHSA-2025:0401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0401
10
reference_url https://access.redhat.com/errata/RHSA-2025:0444
reference_id RHSA-2025:0444
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0444
11
reference_url https://access.redhat.com/errata/RHSA-2025:0445
reference_id RHSA-2025:0445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0445
12
reference_url https://access.redhat.com/errata/RHSA-2025:0654
reference_id RHSA-2025:0654
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0654
13
reference_url https://access.redhat.com/errata/RHSA-2025:0662
reference_id RHSA-2025:0662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0662
14
reference_url https://access.redhat.com/errata/RHSA-2025:0715
reference_id RHSA-2025:0715
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0715
15
reference_url https://access.redhat.com/errata/RHSA-2025:0754
reference_id RHSA-2025:0754
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0754
16
reference_url https://access.redhat.com/errata/RHSA-2025:0907
reference_id RHSA-2025:0907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0907
17
reference_url https://access.redhat.com/errata/RHSA-2025:1119
reference_id RHSA-2025:1119
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1119
18
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
19
reference_url https://access.redhat.com/errata/RHSA-2025:1334
reference_id RHSA-2025:1334
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1334
20
reference_url https://access.redhat.com/errata/RHSA-2025:1468
reference_id RHSA-2025:1468
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1468
21
reference_url https://access.redhat.com/errata/RHSA-2025:1704
reference_id RHSA-2025:1704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1704
22
reference_url https://access.redhat.com/errata/RHSA-2025:1869
reference_id RHSA-2025:1869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1869
23
reference_url https://access.redhat.com/errata/RHSA-2025:1870
reference_id RHSA-2025:1870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1870
24
reference_url https://access.redhat.com/errata/RHSA-2025:1888
reference_id RHSA-2025:1888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1888
25
reference_url https://access.redhat.com/errata/RHSA-2025:3069
reference_id RHSA-2025:3069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3069
26
reference_url https://usn.ubuntu.com/8088-1/
reference_id USN-8088-1
reference_type
scores
url https://usn.ubuntu.com/8088-1/
fixed_packages
0
url pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.13.2-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gn1a-zd3y-k3hu
1
vulnerability VCID-hz4m-zckh-p7f8
2
vulnerability VCID-kwgg-vwce-y3dc
3
vulnerability VCID-mbh9-auce-33gf
4
vulnerability VCID-p4km-wb9b-r3ar
5
vulnerability VCID-qcux-1yn7-8ucy
6
vulnerability VCID-w6zy-eyzn-k3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.19.1-1%3Fdistro=trixie
aliases CVE-2025-21613, GHSA-v725-9546-7q7m
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-maq7-8qrw-tqe1
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-git-go-git@5.14.0-1%3Fdistro=trixie