gix-index

crates.io3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting gix-indexpage 1 of 1

CVE-2024-35186HIGHCVSS 8.8EG 8.8✓ Fixed in 0.33.0
2024-05-23
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by t…
CVE-2024-35197MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.33.0
2024-05-23
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repo…
CVE-2025-31130MEDIUMCVSS 6.8EG 6.8✓ Fixed in 0.39.0
2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both…

Check whether gix-index is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for gix-index CVEs against the assets you own.

Start Free Scan →