Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

Please feel free to draft a GitHub advisory, and I will work with you to disclose and or resolve the issue responsibly.

If this doesn't seem like the right approach or there are questions, please feel free to reach out to the email used in Sebastian Thiel's commits.

Thank you.

gix-path improperly resolves configuration path reported by Git
GHSA-m8rp-vv92-46c7 published Sep 6, 2024 by Byron

Moderate
gix-path uses local config across repos when it is the highest scope
GHSA-v26r-4c9c-h3j6 published Aug 31, 2024 by Byron

Low
gitoxide-core does not neutralize special characters for terminals
GHSA-88g2-r9rw-g55h published Aug 22, 2024 by Byron

Low
gix-path can use a fake program files location
GHSA-mgvv-9p9g-3jv4 published Jul 18, 2024 by Byron

Moderate
Refs and paths with reserved Windows device names access the devices
GHSA-49jc-r788-3fc9 published May 22, 2024 by Byron

Moderate
Traversal outside working tree enables arbitrary code execution
GHSA-7w47-3wg8-547c published May 22, 2024 by Byron

High
gix-transport indirect code execution via malicious username
GHSA-98p4-xjmm-8mfh published Apr 13, 2024 by Byron

Moderate

Learn more about advisories related to GitoxideLabs/gitoxide in the GitHub Advisory Database