gitoxide
crates.io · 5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gitoxide (page 1 of 1)
- CVE-2024-32884 · MEDIUM · CVSS 6.4 · EG 6.4 · ✓ Fixed in 0.35 · 2024-04-26
gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The p…
- CVE-2024-35186 · HIGH · CVSS 8.8 · EG 8.8 · ✓ Fixed in 0.36.0 · 2024-05-23
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by t…
- CVE-2024-35197 · MEDIUM · CVSS 5.4 · EG 5.4 · ✓ Fixed in 0.36.0 · 2024-05-23
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repo…
- CVE-2024-43785 · LOW · CVSS 2.5 · EG 2.5 · 2024-08-22
gitoxide is an idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including …
- CVE-2025-31130 · MEDIUM · CVSS 6.8 · EG 6.8 · ✓ Fixed in 0.42.0 · 2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both…