Gitoxidelabs Gitoxide vulnerabilities
4 known vulnerabilities affecting gitoxidelabs/gitoxide.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2026-44471 | P3 | HIGH | CVSS 7.8 | CWE-59 | fixed in 0.21.1 | 2026-05-13
gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries are deferred and created after regular files using a sing
Source: NVD
CVE-2025-31130 | P4 | MEDIUM | CVSS 6.8 | CWE-328 | fixed in 0.42.0 | 2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G
Source: NVD
CVE-2026-0810 | P4 | HIGH | CVSS 7.1 | CWE-135 | fixed in 0.12.0 | 2026-01-26
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application insta
Source: NVD
CVE-2025-22620 | P4 | MEDIUM | CVSS 5.0 | CWE-281 | fixed in 0.17.0 | 2025-01-20
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in
Source: NVD