org.eclipse.jgit:org.eclipse.jgit

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.eclipse.jgit:org.eclipse.jgitpage 1 of 1

CVE-2014-9390CRITICALCVSS 9.8EG 9.8✓ Fixed in 3.5.3
2020-02-12
vulnerable: 1.2.0.201112221803-r ... 3.5.2.201411120430-r (23 versions)
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; lib…
CVE-2023-4759HIGHCVSS 8.8EG 8.8✓ Fixed in 5.13.3.202401111512-r
2023-09-12
vulnerable: 1.2.0.201112221803-r ... 5.9.0.202009080501-r (144 versions)
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when …
CVE-2025-4949MEDIUMCVSS 5.3EG 5.3✓ Fixed in 7.2.1.202505142326-r
2025-05-21
vulnerable: 7.2.0.202503040940-r
In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Ama…

Check whether org.eclipse.jgit:org.eclipse.jgit is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.eclipse.jgit:org.eclipse.jgit CVEs against the assets you own.

Start Free Scan →