[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-21613":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":40,"duplicate_of":9,"upstream":43,"downstream":44,"duplicates":91,"related":92,"reserved_at":9,"published_at":241,"modified_at":242,"state":243,"summary":244,"references_raw":253,"kevs":273,"epss":274,"epss_history":277,"metrics":541,"affected":556},"CVE-2025-21613","go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-88","Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')","The product constructs a string for a command to be executed by a separate component\nin another control sphere, but it does not properly delimit the\nintended arguments, options, or switches within that command string.","weakness","Draft","Base",[19,23,27,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-137","Parameter Injection",[],{"id":24,"name":25,"techniques":26},"CAPEC-174","Flash Parameter Injection",[],{"id":28,"name":29,"techniques":30},"CAPEC-41","Using Meta-characters in E-mail Headers to Inject Malicious Payloads",[],{"id":32,"name":33,"techniques":34},"CAPEC-460","HTTP Parameter Pollution (HPP)",[],{"id":36,"name":37,"techniques":38},"CAPEC-88","OS Command Injection",[],[],[41,42],"GHSA-v725-9546-7q7m","GO-2025-3368",[],[45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89],{"_key":46},"SUSE-SU-2025:0191-1",{"_key":48},"SUSE-SU-2025:0622-1",{"_key":50},"SUSE-SU-2025:0624-1",{"_key":52},"SUSE-SU-2025:0060-1",{"_key":54},"SUSE-SU-2025:0277-1",{"_key":56},"SUSE-SU-2025:0601-1",{"_key":58},"SUSE-SU-2025:0623-1",{"_key":60},"OPENSUSE-SU-2025:0056-1",{"_key":62},"OPENSUSE-SU-2025:14624-1",{"_key":64},"OPENSUSE-SU-2025:14654-1",{"_key":66},"OPENSUSE-SU-2025:14658-1",{"_key":68},"OPENSUSE-SU-2025:14713-1",{"_key":70},"OPENSUSE-SU-2025:14752-1",{"_key":72},"OPENSUSE-SU-2025:14902-1",{"_key":74},"UBUNTU-CVE-2025-21613",{"_key":76},"OPENSUSE-SU-2025:15438-1",{"_key":78},"OPENSUSE-SU-2025:15487-1",{"_key":80},"OPENSUSE-SU-2025:20117-1",{"_key":82},"OPENSUSE-SU-2025:20177-1",{"_key":84},"USN-8088-1",{"_key":86},"DEBIAN-CVE-2025-21613",{"_key":88},"RHSA-2025:0401",{"_key":90},"RHSA-2025:0662",[],[93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239],{"_key":46},{"_key":48},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":88},{"_key":90},{"_key":114},"CGA-2GW7-Q958-RQWH",{"_key":116},"CGA-3JJJ-5C29-V6M2",{"_key":118},"CGA-3JVX-C583-733J",{"_key":120},"CGA-44M4-M589-H366",{"_key":122},"CGA-489M-X2WG-G49V",{"_key":124},"CGA-4FWW-C4XQ-Q3M5",{"_key":126},"CGA-52R4-787F-9QRC",{"_key":128},"CGA-576G-JV9M-GR4C",{"_key":130},"CGA-5Q57-5C9F-MG8F",{"_key":132},"CGA-5XRG-M884-HM48",{"_key":134},"CGA-63FC-J3H2-GHC8",{"_key":136},"CGA-65RX-FH74-P426",{"_key":138},"CGA-6823-C2Q6-5R5F",{"_key":140},"CGA-76WV-2JG5-VRRV",{"_key":142},"CGA-7739-W2FQ-74JC",{"_key":144},"CGA-7X2R-JVX7-38H9",{"_key":146},"CGA-8GMJ-W7QG-PMCW",{"_key":148},"CGA-8JQF-M7W3-VP9J",{"_key":150},"CGA-9393-H7QV-437W",{"_key":152},"CGA-96X6-8R9X-5V7Q",{"_key":154},"CGA-985J-MPQM-GMQ5",{"_key":156},"CGA-9J6C-FXV2-WC33",{"_key":158},"CGA-C32H-CCM6-3VCV",{"_key":160},"CGA-CCVC-56MJ-Q9JW",{"_key":162},"CGA-CFVF-Q7HM-JMMW",{"_key":164},"CGA-CV6J-2Q78-849X",{"_key":166},"CGA-CXXW-WW5F-XFJM",{"_key":168},"CGA-F39C-CMXC-XX62",{"_key":170},"CGA-F42V-Q6C4-CX7M",{"_key":172},"CGA-F5VF-W399-J39M",{"_key":174},"CGA-F7MR-58RR-GG27",{"_key":176},"CGA-F88X-FXPG-H67J",{"_key":178},"CGA-F9V2-MX43-F44P",{"_key":180},"CGA-FVW4-HWXQ-JHX7",{"_key":182},"CGA-G8QQ-FHQ3-2J3R",{"_key":184},"CGA-GC7X-M93R-GV32",{"_key":186},"CGA-GP2Q-HF8J-2X67",{"_key":188},"CGA-GQC9-HC28-P9PG",{"_key":190},"CGA-GR8M-Q6JF-RH2F",{"_key":192},"CGA-GX3V-FXP6-Q2VR",{"_key":194},"CGA-H3Q4-57GF-67J9",{"_key":196},"CGA-HJ95-286V-4QJ5",{"_key":198},"CGA-HM9M-PX98-5GR8",{"_key":200},"CGA-HW7R-F52F-M3RG",{"_key":202},"CGA-HWPW-CMJX-86RW",{"_key":204},"CGA-J73V-8J3Q-5RC6",{"_key":206},"CGA-JPR9-54QF-QXCG",{"_key":208},"CGA-JW69-P35G-9W49",{"_key":210},"CGA-M4F3-X9VR-M54M",{"_key":212},"CGA-M7CR-H2VC-67Q9",{"_key":214},"CGA-P75X-8QJ2-HRJ6",{"_key":216},"CGA-P772-F7G3-9MF8",{"_key":218},"CGA-PCC8-XH9F-57F4",{"_key":220},"CGA-Q827-PGVP-WH74",{"_key":222},"CGA-Q8XV-QPF6-7QWH",{"_key":224},"CGA-QMMH-7PP9-7H68",{"_key":226},"CGA-QP62-RH46-26HW",{"_key":228},"CGA-R5V9-2QGC-4P4C",{"_key":230},"CGA-RPMQ-2H2M-HC99",{"_key":232},"CGA-WJW3-52WX-2Q53",{"_key":234},"CGA-X37R-J7W5-4XR4",{"_key":236},"CGA-X68H-G3FX-W43C",{"_key":238},"CGA-XW2H-VXP4-VFVG",{"_key":240},"CGA-5Q5Q-JV78-GPG3","2025-01-06T16:13:10.611Z","2025-01-06T16:45:02.671Z","Analyzed",{"cisa_kev":245,"cisa_ransomware":245,"cisa_vendor":9,"epss_severity":246,"epss_score":247,"severity":248,"severity_score":249,"severity_version":250,"severity_source":251,"severity_vector":252,"severity_status":243},false,"low",0.03834,"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[254,264,268],{"url":255,"sources":256,"tags":259},"https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",[251,257,258],"nvd","osv_go",[260,261,262,263],"X Refsource CONFIRM","Vendor Advisory","WEB","Advisory",{"url":265,"sources":266,"tags":267},"https://nvd.nist.gov/vuln/detail/CVE-2025-21613",[258],[263],{"url":269,"sources":270,"tags":271},"https://github.com/go-git/go-git",[258],[272],"PACKAGE",[],{"date":275,"score":247,"percentile":276},"2026-06-04",0.88366,[278,282,285,288,291,294,297,300,303,306,309,312,315,318,320,324,327,330,333,335,338,341,344,347,350,353,356,359,362,365,368,370,373,376,378,380,383,386,389,392,395,398,400,403,406,409,412,415,418,420,423,426,429,432,435,438,441,444,447,450,453,456,458,461,464,467,470,473,476,479,482,484,487,490,493,496,499,502,505,508,511,514,517,520,523,526,529,532,535,538],{"date":279,"score":280,"percentile":281},"2025-11-04",0.00592,0.68348,{"date":283,"score":280,"percentile":284},"2025-11-05",0.68332,{"date":286,"score":280,"percentile":287},"2025-11-06",0.68334,{"date":289,"score":280,"percentile":290},"2025-11-07",0.68344,{"date":292,"score":280,"percentile":293},"2025-11-08",0.68347,{"date":295,"score":280,"percentile":296},"2025-11-09",0.68339,{"date":298,"score":280,"percentile":299},"2025-11-10",0.68328,{"date":301,"score":280,"percentile":302},"2025-11-11",0.68336,{"date":304,"score":280,"percentile":305},"2025-11-12",0.6836,{"date":307,"score":280,"percentile":308},"2025-11-13",0.68368,{"date":310,"score":280,"percentile":311},"2025-11-14",0.68376,{"date":313,"score":280,"percentile":314},"2025-11-15",0.68374,{"date":316,"score":280,"percentile":317},"2025-11-16",0.68371,{"date":319,"score":280,"percentile":308},"2025-11-17",{"date":321,"score":322,"percentile":323},"2025-11-18",0.02937,0.85187,{"date":325,"score":322,"percentile":326},"2025-11-19",0.85188,{"date":328,"score":322,"percentile":329},"2025-11-20",0.85191,{"date":331,"score":280,"percentile":332},"2025-11-21",0.68388,{"date":334,"score":280,"percentile":332},"2025-11-22",{"date":336,"score":280,"percentile":337},"2025-11-23",0.68378,{"date":339,"score":280,"percentile":340},"2025-11-24",0.68367,{"date":342,"score":280,"percentile":343},"2025-11-25",0.68375,{"date":345,"score":280,"percentile":346},"2025-11-26",0.68382,{"date":348,"score":280,"percentile":349},"2025-11-27",0.68383,{"date":351,"score":280,"percentile":352},"2025-11-28",0.6837,{"date":354,"score":280,"percentile":355},"2025-11-29",0.68356,{"date":357,"score":280,"percentile":358},"2025-11-30",0.68352,{"date":360,"score":280,"percentile":361},"2025-12-01",0.68503,{"date":363,"score":280,"percentile":364},"2025-12-02",0.68511,{"date":366,"score":280,"percentile":367},"2025-12-03",0.68506,{"date":369,"score":280,"percentile":290},"2025-12-04",{"date":371,"score":280,"percentile":372},"2025-12-05",0.68359,{"date":374,"score":280,"percentile":375},"2025-12-06",0.68365,{"date":377,"score":280,"percentile":305},"2025-12-07",{"date":379,"score":280,"percentile":375},"2025-12-08",{"date":381,"score":280,"percentile":382},"2025-12-09",0.68394,{"date":384,"score":280,"percentile":385},"2025-12-10",0.68439,{"date":387,"score":280,"percentile":388},"2025-12-11",0.68459,{"date":390,"score":280,"percentile":391},"2025-12-12",0.68484,{"date":393,"score":280,"percentile":394},"2025-12-13",0.68487,{"date":396,"score":280,"percentile":397},"2025-12-14",0.68489,{"date":399,"score":280,"percentile":394},"2025-12-15",{"date":401,"score":280,"percentile":402},"2025-12-16",0.68494,{"date":404,"score":280,"percentile":405},"2025-12-17",0.68505,{"date":407,"score":280,"percentile":408},"2025-12-18",0.68538,{"date":410,"score":280,"percentile":411},"2025-12-19",0.68556,{"date":413,"score":280,"percentile":414},"2025-12-20",0.68555,{"date":416,"score":280,"percentile":417},"2025-12-21",0.6854,{"date":419,"score":280,"percentile":417},"2025-12-22",{"date":421,"score":280,"percentile":422},"2025-12-23",0.68536,{"date":424,"score":280,"percentile":425},"2025-12-24",0.68543,{"date":427,"score":280,"percentile":428},"2025-12-25",0.68572,{"date":430,"score":280,"percentile":431},"2025-12-26",0.68574,{"date":433,"score":280,"percentile":434},"2025-12-27",0.68619,{"date":436,"score":280,"percentile":437},"2025-12-28",0.68545,{"date":439,"score":280,"percentile":440},"2025-12-29",0.68537,{"date":442,"score":280,"percentile":443},"2025-12-30",0.68551,{"date":445,"score":280,"percentile":446},"2025-12-31",0.68568,{"date":448,"score":280,"percentile":449},"2026-01-01",0.68744,{"date":451,"score":280,"percentile":452},"2026-01-02",0.68733,{"date":454,"score":280,"percentile":455},"2026-01-03",0.68734,{"date":457,"score":280,"percentile":428},"2026-01-04",{"date":459,"score":280,"percentile":460},"2026-01-05",0.68561,{"date":462,"score":280,"percentile":463},"2026-01-06",0.68571,{"date":465,"score":280,"percentile":466},"2026-01-07",0.68588,{"date":468,"score":280,"percentile":469},"2026-01-08",0.68603,{"date":471,"score":280,"percentile":472},"2026-01-09",0.68612,{"date":474,"score":280,"percentile":475},"2026-01-10",0.68611,{"date":477,"score":280,"percentile":478},"2026-01-11",0.68604,{"date":480,"score":280,"percentile":481},"2026-01-12",0.68594,{"date":483,"score":280,"percentile":481},"2026-01-13",{"date":485,"score":280,"percentile":486},"2026-01-14",0.68627,{"date":488,"score":280,"percentile":489},"2026-01-15",0.68632,{"date":491,"score":280,"percentile":492},"2026-01-16",0.68647,{"date":494,"score":280,"percentile":495},"2026-01-17",0.68637,{"date":497,"score":280,"percentile":498},"2026-01-18",0.68624,{"date":500,"score":280,"percentile":501},"2026-01-19",0.68615,{"date":503,"score":280,"percentile":504},"2026-01-20",0.68625,{"date":506,"score":280,"percentile":507},"2026-01-21",0.68633,{"date":509,"score":280,"percentile":510},"2026-01-22",0.68643,{"date":512,"score":280,"percentile":513},"2026-01-23",0.68671,{"date":515,"score":280,"percentile":516},"2026-01-24",0.68682,{"date":518,"score":280,"percentile":519},"2026-01-25",0.68652,{"date":521,"score":280,"percentile":522},"2026-01-26",0.68644,{"date":524,"score":280,"percentile":525},"2026-01-27",0.68648,{"date":527,"score":280,"percentile":528},"2026-01-28",0.68659,{"date":530,"score":280,"percentile":531},"2026-01-29",0.68661,{"date":533,"score":280,"percentile":534},"2026-01-30",0.68666,{"date":536,"score":280,"percentile":537},"2026-01-31",0.68672,{"date":539,"score":280,"percentile":540},"2026-02-01",0.68821,[542,549,553],{"source":251,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":543,"cvss_v4_0":546},{"baseScore":249,"baseSeverity":544,"vectorString":252,"impactScore":249,"exploitabilityScore":545},"CRITICAL",10,{"baseScore":547,"baseSeverity":544,"vectorString":548,"impactScore":9,"exploitabilityScore":9},9.2,"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",{"source":257,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":550,"cvss_v4_0":551},{"baseScore":249,"baseSeverity":544,"vectorString":252,"impactScore":249,"exploitabilityScore":545},{"baseScore":547,"baseSeverity":544,"vectorString":552,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear",{"source":258,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":554,"cvss_v4_0":555},{"baseScore":249,"baseSeverity":9,"vectorString":252,"impactScore":249,"exploitabilityScore":545},{"baseScore":547,"baseSeverity":9,"vectorString":552,"impactScore":9,"exploitabilityScore":9},[557,568,574,584,590],{"ecosystem":9,"name":558,"vendor":559,"product":558,"cpe_part":560,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":561},"go-git","go-git_project","a",[562],{"version":563,"is_range":564,"range_type":565,"version_start":9,"version_start_type":9,"version_end":566,"version_end_type":567,"fixed_in":9},"lt5.13.0",true,"cpe","5.13.0","excluding",{"ecosystem":9,"name":558,"vendor":558,"product":558,"cpe_part":560,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":569},[570],{"version":571,"is_range":564,"range_type":251,"version_start":572,"version_start_type":573,"version_end":566,"version_end_type":567,"fixed_in":9},">= 4.0.0,  \u003C 5.13.0","4.0.0","including",{"ecosystem":575,"name":576,"vendor":577,"product":578,"cpe_part":9,"purl_type":579,"purl_namespace":577,"purl_name":578,"source":9,"versions":580},"Go","github.com/go-git/go-git/v4","github.com/go-git/go-git","v4","golang",[581],{"version":582,"is_range":564,"range_type":583,"version_start":572,"version_start_type":573,"version_end":9,"version_end_type":9,"fixed_in":9},"gte4_0_0","semver",{"ecosystem":575,"name":585,"vendor":577,"product":586,"cpe_part":9,"purl_type":579,"purl_namespace":577,"purl_name":586,"source":9,"versions":587},"github.com/go-git/go-git/v5","v5",[588],{"version":589,"is_range":564,"range_type":583,"version_start":9,"version_start_type":9,"version_end":566,"version_end_type":567,"fixed_in":9},"lt5_13_0",{"ecosystem":575,"name":591,"vendor":592,"product":593,"cpe_part":9,"purl_type":579,"purl_namespace":592,"purl_name":593,"source":9,"versions":594},"gopkg.in/src-d/go-git.v4","gopkg.in/src-d","go-git.v4",[595,598],{"version":596,"is_range":564,"range_type":583,"version_start":572,"version_start_type":573,"version_end":597,"version_end_type":573,"fixed_in":9},"gte4_0_0_lte4_13_1","4.13.1",{"version":582,"is_range":564,"range_type":583,"version_start":572,"version_start_type":573,"version_end":9,"version_end_type":9,"fixed_in":9}]