- Notifications
You must be signed in to change notification settings - Fork2.5k
Security: libgit2/libgit2
Security
SECURITY.md
This project will always provide security fixes for the latest two releasedversions. E.g. if the latest version is v0.28.x, then we will provide securityfixes for both v0.28.x and v0.27.y, but no earlier versions.
In case you think to have found a security issue with libgit2, please do notopen a public issue. Instead, you can report the issue to the private mailinglistsecurity@libgit2.com. We will acknowledgereceipt of your message in at most three days and try to clarify further steps.
- Arbitrary code execution due to heap corruption in `git_index_add`GHSA-j2v7-4f6v-gpg8 published
Feb 6, 2024 byethomsonHigh - Denial of service attack in `git_revparse_single`GHSA-54mf-x2rh-hq9v published
Feb 6, 2024 byethomsonModerate - libgit2 fails to verify SSH keys by defaultGHSA-8643-3wh5-rmjq published
Jan 20, 2023 byethomsonModerate
Learn more about advisories related tolibgit2/libgit2 in theGitHub Advisory Database