Gitoxidelabs Gitoxide vulnerabilities
3 known vulnerabilities affecting gitoxidelabs/gitoxide.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2026-0810 | HIGH | CVSS 7.1 | CWE-135 | fixed in 0.12.0 | 2026-01-26
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application insta
Source: NVD
CVE-2025-31130 | MEDIUM | CVSS 6.8 | CWE-328 | fixed in 0.42.0 | 2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both of which implement standard SHA-1 without any mitigations for collision attacks. This means that two distinct G
Source: NVD
CVE-2025-22620 | MEDIUM | CVSS 5.0 | CWE-281 | fixed in 0.17.0 | 2025-01-20
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in
Source: NVD