Gitoxide

This hub aggregates every CVE we track for Gitoxide, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Gitoxide.

• CVE-2026-40034gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule7.8May 26, 2026
• CVE-2026-44471gitoxide: Symlink prefix-reuse allows worktree escape during checkout7.8May 13, 2026
• CVE-2026-0810Gix-date: gix-date: undefined behavior due to invalid string generation7.1Jan 26, 2026
• CVE-2025-31130gitoxide does not detect SHA-1 collision attacks6.8Apr 4, 2025
• CVE-2025-22620gix-worktree-state nonexclusive checkout sets executable files world-writable5.0Jan 20, 2025
• CVE-2024-45405gix-path improperly resolves configuration path reported by Git6.0Sep 6, 2024
• CVE-2024-45305gix-path uses local config across repos when it is the highest scope2.5Sep 2, 2024
• CVE-2024-43785gitoxide-core does not neutralize special characters for terminals2.5Aug 22, 2024
• CVE-2024-40644gitoxide's gix-path can use a fake program files location6.8Jul 18, 2024
• CVE-2024-35197gix refs and paths with reserved Windows device names access the devices5.4May 23, 2024
• CVE-2024-35186gix traversal outside working tree enables arbitrary code execution8.8May 23, 2024
• CVE-2024-32884gix-transport indirect code execution via malicious username6.4Apr 26, 2024