gix
crates.io | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting gix
- CVE-2024-32884 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 0.62 | 2024-04-26
gitoxide is a pure Rust implementation of Git. `gix-transport` does not check the username part of a URL for text that the external `ssh` program would interpret as an option. A specially crafted clone URL can smuggle options to SSH. The p…
- CVE-2024-35186 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 0.63.0 | 2024-05-23
gitoxide is a pure Rust implementation of Git. During checkout, `gix-worktree-state` does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by t…
- CVE-2024-35197 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 0.63.0 | 2024-05-23
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repo…
- CVE-2025-31130 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 0.71.0 | 2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both…