pkg:Debian/git

82 total CVEs: CRITICAL 16, HIGH 48, MEDIUM 9, LOW 7

All known vulnerabilities

  • HIGH 8.0 CVE-2025-48384 ⚠ KEV: Git allows arbitrary code execution through broken config quoting
    from 0, < 1:2.30.2-1+deb11u5
  • CRITICAL 9.8 CVE-2022-41903: Git is a distributed revision control system.
    from 0, < 1:2.30.2-1+deb11u1
  • CRITICAL 9.8 CVE-2022-23521: git - security update
    from 0, < 1:2.20.1-2+deb10u7
  • CRITICAL 9.8 CVE-2022-23521: git - security update
    from 0, < 1:2.30.2-1+deb11u1
  • CRITICAL 9.8 CVE-2022-23521: git - security update
    from 0, < 1:2.30.2-1+deb11u1
  • CRITICAL 9.8 CVE-2014-9390: mercurial - security update
    from 0, < 1:2.1.4-1
  • CRITICAL 9.8 CVE-2019-1353: An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6.
    from 0, < 1:2.24.0-2
  • CRITICAL 9.8 CVE-2018-19486: Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain ca…
    from 0, < 1:2.19.2-1
  • CRITICAL 9.8 CVE-2018-17456: git - security update
    from 0, < 1:2.1.4-2.1+deb8u7
  • CRITICAL 9.8 CVE-2018-17456: git - security update
    from 0, < 1:2.19.1-1
  • CRITICAL 9.8 CVE-2018-17456: git - security update
    from 0, < 1:2.11.0-3+deb9u4
  • CRITICAL 9.8 CVE-2015-7545: git - security update
    from 0, < 1:2.6.1-1
  • CRITICAL 9.8 CVE-2015-7545: git - security update
    from 0, < 1:1.7.10.4-1+wheezy2
  • CRITICAL 9.8 CVE-2016-2324: Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, wh…
    from 0, < 1:2.8.0~rc3-1
  • CRITICAL 9.8 CVE-2016-2315: git - security update
    from 0, < 1:2.7.0-1
  • CRITICAL 9.8 CVE-2016-2315: git - security update
    from 0, < 1:1.7.10.4-1+wheezy3
  • CRITICAL 9.0 CVE-2024-32002: Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 8.8 CVE-2024-52005: The sideband payload is passed unfiltered to the terminal in git
    from 0
  • HIGH 8.8 CVE-2022-39260: Git is an open source, scalable, distributed revision control system.
    from 0, < 1:2.30.2-1+deb11u1
  • HIGH 8.8 CVE-2019-1354: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
    from 0, < 1:2.24.0-2
  • HIGH 8.8 CVE-2019-1352: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
    from 0, < 1:2.24.0-2
  • HIGH 8.8 CVE-2019-1350: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
    from 0, < 1:2.24.0-2
  • HIGH 8.8 CVE-2019-1349: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code…
    from 0, < 1:2.24.0-2
  • HIGH 8.8 CVE-2019-1387: git - security update
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 8.8 CVE-2019-1387: git - security update
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 8.8 CVE-2019-1387: git - security update
    from 0, < 1:2.20.1-2+deb10u9
  • HIGH 8.8 CVE-2017-1000117: git - security update
    from 0, < 1:2.1.4-2.1+deb8u4
  • HIGH 8.8 CVE-2017-1000117: git - security update
    from 0, < 1:2.14.1-1
  • HIGH 8.8 CVE-2017-1000117: git - security update
    from 0, < 1:1.7.10.4-1+wheezy5
  • HIGH 8.8 CVE-2017-14867: git - security update
    from 0, < 1:2.14.2-1
  • HIGH 8.8 CVE-2017-14867: git - security update
    from 0, < 1:2.1.4-2.1+deb8u5
  • HIGH 8.8 CVE-2017-14867: git - security update
    from 0, < 1:1.7.10.4-1+wheezy6
  • HIGH 8.8 CVE-2017-8386: git - security update
    from 0, < 1:2.1.4-2.1+deb8u3
  • HIGH 8.8 CVE-2017-8386: git - security update
    from 0, < 1:2.11.0-3
  • HIGH 8.8 CVE-2017-8386: git - security update
    from 0, < 1:1.7.10.4-1+wheezy4
  • HIGH 8.8 CVE-2014-9938: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to…
    from 0, < 1:2.0.0~rc2-1
  • HIGH 8.6 CVE-2025-27614: Gitk is a Tcl/Tk based Git history browser.
    from 0, < 1:2.47.3-0+deb13u1
  • HIGH 8.5 CVE-2025-46835: Git GUI allows you to use the Git source control management tools via a GUI.
    from 0, < 1:2.30.2-1+deb11u5
  • HIGH 7.8 CVE-2024-32465: Git's protections for cloning untrusted repositories can be bypassed
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 7.8 CVE-2024-32004: Git vulnerable to Remote Code Execution while cloning special-crafted local repositories
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 7.8 CVE-2023-29007: Git is a revision control system.
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 7.8 CVE-2022-29187: Git is a distributed revision control system.
    from 0, < 1:2.30.2-1+deb11u1
  • HIGH 7.8 CVE-2022-24765: git - security update
    from 0, < 1:2.20.1-2+deb10u5
  • HIGH 7.8 CVE-2022-24765: git - security update
    from 0, < 1:2.30.2-1+deb11u1
  • HIGH 7.8 CVE-2019-19604: Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x…
    from 0, < 1:2.24.0-2
  • HIGH 7.8 CVE-2018-11235: git - security update
    from 0, < 1:2.17.1-1
  • HIGH 7.8 CVE-2018-11235: git - security update
    from 0, < 1:2.1.4-2.1+deb8u6
  • HIGH 7.5 CVE-2024-52006: Newline confusion in credential helpers can lead to credential exfiltration in git
    from 0, < 1:2.30.2-1+deb11u4
  • HIGH 7.5 CVE-2023-25652: git - security update
    from 0, < 1:2.39.5-0+deb12u1
  • HIGH 7.5 CVE-2023-25652: git - security update
    from 0, < 1:2.30.2-1+deb11u3
  • HIGH 7.5 CVE-2023-23946: Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2…
    from 0, < 1:2.30.2-1+deb11u2
  • HIGH 7.5 CVE-2022-24975: The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue.
    from 0
  • HIGH 7.5 CVE-2021-40330: git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected c…
    from 0, < 1:2.30.1-1
  • HIGH 7.5 CVE-2021-21300: git - security update
    from 0, < 1:2.30.2-1
  • HIGH 7.5 CVE-2021-21300: git - security update
    from 0, < 1:2.20.1-2+deb10u4
  • HIGH 7.5 CVE-2020-11008: git - security update
    from 0, < 1:2.1.4-2.1+deb8u10
  • HIGH 7.5 CVE-2020-11008: git - security update
    from 0, < 1:2.11.0-3+deb9u7
  • HIGH 7.5 CVE-2020-11008: git - security update
    from 0, < 1:2.26.2-1
  • HIGH 7.5 CVE-2020-5260: malicious URLs may cause Git to present stored credentials to the wrong server
    from 0, < 1:2.1.4-2.1+deb8u9
  • HIGH 7.5 CVE-2020-5260: malicious URLs may cause Git to present stored credentials to the wrong server
    from 0, < 1:2.26.1-1
  • HIGH 7.5 CVE-2020-5260: malicious URLs may cause Git to present stored credentials to the wrong server
    from 0, < 1:2.11.0-3+deb9u6
  • HIGH 7.5 CVE-2019-1351: A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vu…
    from 0, < 1:2.24.0-2
  • HIGH 7.5 CVE-2018-11233: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check path…
    from 0, < 1:2.17.1-1
  • HIGH 7.1 CVE-2024-32021: Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
    from 0, < 1:2.30.2-1+deb11u3
  • MEDIUM 5.5 CVE-2023-22490: git - security update
    from 0, < 1:2.20.1-2+deb10u8
  • MEDIUM 5.5 CVE-2023-22490: git - security update
    from 0, < 1:2.30.2-1+deb11u2
  • MEDIUM 5.5 CVE-2023-22490: git - security update
    from 0, < 1:2.30.2-1+deb11u2
  • MEDIUM 5.5 CVE-2022-39253: Git is an open source, scalable, distributed revision control system.
    from 0, < 1:2.30.2-1+deb11u1
  • MEDIUM 5.5 CVE-2017-15298: Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a…
    from 0, < 1:2.16.1-1
  • MEDIUM 5.0 CVE-2018-1000021: GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in Client that can result in problems including messing up t…
    from 0
  • MEDIUM 4.7 CVE-2024-50349: Git does not sanitize URLs when asking for credentials interactively
    from 0, < 1:2.39.5-0+deb12u2
  • MEDIUM 4.7 CVE-2024-50349: Git does not sanitize URLs when asking for credentials interactively
    from 0, < 1:2.30.2-1+deb11u4
  • MEDIUM 4.7 CVE-2024-50349: Git does not sanitize URLs when asking for credentials interactively
    from 0, < 1:2.30.2-1+deb11u4
  • LOW 3.6 CVE-2025-27613: git - security update
    from 0, < 1:2.30.2-1+deb11u5
  • LOW 3.6 CVE-2025-27613: git - security update
    from 0, < 1:2.30.2-1+deb11u5
  • LOW 3.3 CVE-2024-32020: Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
    from 0
  • LOW 3.3 CVE-2019-1348: git - security update
    from 0, < 1:2.1.4-2.1+deb8u8
  • LOW 3.3 CVE-2019-1348: git - security update
    from 0, < 1:2.11.0-3+deb9u5
  • LOW 3.3 CVE-2019-1348: git - security update
    from 0, < 1:2.24.0-2
  • LOW 2.2 CVE-2023-25815: In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer.
    from 0, < 1:2.30.2-1+deb11u3
  • CVE-2025-48385: Git allows arbitrary file writes via bundle-uri parameter injection
    from 0, < 1:2.39.5-0+deb12u3
  • CVE-2010-3906: Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via t…
    from 0, < 1:1.7.2.3-2.2