GO-2025-3368 — Vulnetix

GO-2025-3368 PUBLISHED

Argument Injection via the URL field in github.com/go-git/go-git

Affected Products

Vendor	Product	Versions
github.com	go-git/go-git/v4	4.0.0, 4.0.0
github.com	go-git/go-git/v5	0, 0
gopkg.in	src-d/go-git.v4	4.0.0, 4.0.0

Timeline

Jan 7, 2025 CVE Published
Apr 20, 2026 CVE Updated

References

https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›