gix-ref

crates.io2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting gix-refpage 1 of 1

CVE-2024-35197MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.44.0
2024-05-23
gitoxide is a pure Rust implementation of Git. On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repo…
CVE-2025-31130MEDIUMCVSS 6.8EG 6.8✓ Fixed in 0.51.0
2025-04-04
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1_smol or sha1 crate, both…

Check whether gix-ref is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for gix-ref CVEs against the assets you own.

Start Free Scan →