Package impact
Go / github.com/git-lfs/git-lfs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17831 | high | 8.8 | 8.8 | 9y ago | GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within … | |||
| CVE-2025-26625 | high | — | 8.0 | 6mo ago | Git LFS may write to arbitrary files via crafted symlinks | |||
| CVE-2024-53263 | high | — | 8.0 | 1y ago | Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without ch… | |||
| CVE-2021-21237 | high | — | 8.0 | 4y ago | Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file in the current directory, that program … |