pkg:Go/github.com/git-lfs/git-lfs

10 total CVEsCRITICAL2HIGH4

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2022-24826Git LFS can execute a binary from the current directory on Windows
    >= 2.12.1
  • CRITICAL9.8CVE-2020-27955Git LFS can execute a Git binary from the current directory
    from 0, < 2.12.1
  • HIGH8.8CVE-2017-17831Arbitrary command execution in github.com/git-lfs/git-lfs
    from 0, < 2.1.1-0.20170519163204-f913f5f9c7c6
  • HIGH8.8CVE-2017-17831Arbitrary command execution in github.com/git-lfs/git-lfs
    from 0, < 2.1.1-0.20170519163204-f913f5f9c7c6+incompatible
  • HIGH7.2CVE-2021-21237Git LFS can execute a Git binary from the current directory on Windows
    from 0, < 1.5.1-0.20210113180018-fc664697ed2c
  • HIGH7.2CVE-2021-21237Git LFS can execute a Git binary from the current directory on Windows
    from 0, < 2.13.2
  • CVE-2025-26625Git LFS may write to arbitrary files via crafted symlinks
    >= 0.5.2, < 3.7.1
  • CVE-2025-26625Git LFS may write to arbitrary files via crafted symlinks
    >= 0.5.2
  • CVE-2024-53263Git LFS permits exfiltration of credentials via crafted HTTP URLs in github.com/git-lfs/git-lfs
    >= 0.1.0, <= 3.0.0
  • CVE-2024-53263Git LFS permits exfiltration of credentials via crafted HTTP URLs in github.com/git-lfs/git-lfs
    >= 0.1.0
Go/github.com/git-lfs/git-lfs — 10 CVEs · VulnScope