Git

This hub aggregates every CVE we track for Git, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Git.

• CVE-2026-32631Git for Windows: `git clone` from manipulated repositories can leak NTLM hashes to arbitrary servers7.4Apr 15, 2026
• CVE-2025-66413Git for Windows leaks NTLM hash when cloning from an attacker-controlled server7.4Mar 10, 2026
• CVE-2025-46334Git GUI malicious command injection on Windows8.6Jul 10, 2025
• CVE-2025-48384Git allows arbitrary code execution through broken config quotingKEV8.0Jul 8, 2025
• CVE-2025-48385Git alllows arbitrary file writes via bundle-uri parameter injection8.6Jul 8, 2025
• CVE-2025-48386Git allows a buffer overflow in 'wincred' credential helper6.3Jul 8, 2025
• CVE-2024-52005The sideband payload is passed unfiltered to the terminal in git8.8Jan 15, 2025
• CVE-2024-50349Git does not sanitize URLs when asking for credentials interactively4.7Jan 14, 2025
• CVE-2024-52006Newline confusion in credential helpers can lead to credential exfiltration in git7.5Jan 14, 2025
• CVE-2024-50338Carriage-return character in remote URL allows malicious repository to leak credentials in Git Credential Manager7.4Jan 14, 2025
• CVE-2024-32465Git's protections for cloning untrusted repositories can be bypassed7.3May 14, 2024
• CVE-2024-32021Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory3.9May 14, 2024
• CVE-2024-32020Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will3.9May 14, 2024
• CVE-2024-32004Git vulnerable to Remote Code Execution while cloning special-crafted local repositories8.1May 14, 2024
• CVE-2024-32002Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution9.0May 14, 2024