[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-25934":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":32,"aliases":33,"duplicate_of":9,"upstream":36,"downstream":37,"duplicates":52,"related":53,"reserved_at":9,"published_at":60,"modified_at":61,"state":62,"summary":63,"references_raw":72,"kevs":100,"epss":101,"epss_history":104,"metrics":348,"affected":358},"CVE-2026-25934","go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and .idx files were not properly verified. This resulted in go-git potentially consuming corrupted files, which would likely result in unexpected errors such as object not found. For context, clients fetch packfiles from upstream Git servers. Those files contain a checksum of their contents, so that clients can perform integrity checks before consuming it. The pack indexes (.idx) are generated locally by go-git, or the git cli, when new .pack files are received and processed. The integrity checks for both files were not being verified correctly. This vulnerability is fixed in 5.16.5.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-354","Improper Validation of Integrity Check Value","The product does not validate or incorrectly validates the integrity check values or \"checksums\" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.","weakness","Draft","Base","Medium",[20,24,28],{"id":21,"name":22,"techniques":23},"CAPEC-145","Checksum Spoofing",[],{"id":25,"name":26,"techniques":27},"CAPEC-463","Padding Oracle Crypto Attack",[],{"id":29,"name":30,"techniques":31},"CAPEC-75","Manipulating Writeable Configuration Files",[],[],[34,35],"GHSA-37cx-329c-33x3","GO-2026-4473",[],[38,40,42,44,46,48,50],{"_key":39},"SUSE-SU-2026:0757-1",{"_key":41},"SUSE-SU-2026:1411-1",{"_key":43},"OPENSUSE-SU-2026:10618-1",{"_key":45},"USN-8088-1",{"_key":47},"DEBIAN-CVE-2026-25934",{"_key":49},"OPENSUSE-SU-2026:10651-1",{"_key":51},"UBUNTU-CVE-2026-25934",[],[54,55,56,57,58],{"_key":39},{"_key":41},{"_key":43},{"_key":49},{"_key":59},"CGA-V36V-C63W-R62J","2026-02-09T22:13:41.974Z","2026-02-11T21:23:14.781Z","Analyzed",{"cisa_kev":64,"cisa_ransomware":64,"cisa_vendor":9,"epss_severity":65,"epss_score":66,"severity":67,"severity_score":68,"severity_version":69,"severity_source":70,"severity_vector":71,"severity_status":62},false,"low",0.00007,"medium",4.3,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",[73,84,91,96],{"url":74,"sources":75,"tags":78},"https://github.com/go-git/go-git/security/advisories/GHSA-37cx-329c-33x3",[70,76,77],"nvd","osv_go",[79,80,81,82,83],"X Refsource CONFIRM","WEB","Advisory","Patch","Vendor Advisory",{"url":85,"sources":86,"tags":87},"https://github.com/go-git/go-git/releases/tag/v5.16.5",[70,76,77],[88,80,89,90],"X Refsource MISC","Product","Release Notes",{"url":92,"sources":93,"tags":94},"https://github.com/go-git/go-git",[77],[95],"PACKAGE",{"url":97,"sources":98,"tags":99},"https://nvd.nist.gov/vuln/detail/CVE-2026-25934",[77],[81],[],{"date":102,"score":66,"percentile":103},"2026-06-05",0.00551,[105,109,111,114,117,119,122,125,128,131,134,137,141,144,147,150,153,156,158,160,163,166,168,170,173,175,178,181,183,186,188,190,193,196,199,201,204,207,210,213,216,219,222,225,228,231,233,236,238,241,244,247,249,251,254,256,259,261,264,266,269,272,275,278,281,284,287,289,292,295,298,301,304,307,310,313,315,317,319,321,324,327,330,332,334,336,339,341,343,345],{"date":106,"score":107,"percentile":108},"2026-02-10",0.00005,0.00209,{"date":110,"score":107,"percentile":108},"2026-02-11",{"date":112,"score":107,"percentile":113},"2026-02-12",0.00208,{"date":115,"score":107,"percentile":116},"2026-02-13",0.00207,{"date":118,"score":107,"percentile":116},"2026-02-14",{"date":120,"score":107,"percentile":121},"2026-02-15",0.00237,{"date":123,"score":107,"percentile":124},"2026-02-16",0.0023,{"date":126,"score":107,"percentile":127},"2026-02-17",0.00228,{"date":129,"score":107,"percentile":130},"2026-02-18",0.00249,{"date":132,"score":107,"percentile":133},"2026-02-19",0.0025,{"date":135,"score":107,"percentile":136},"2026-02-20",0.00252,{"date":138,"score":139,"percentile":140},"2026-02-21",0.00006,0.0028,{"date":142,"score":139,"percentile":143},"2026-02-22",0.00278,{"date":145,"score":139,"percentile":146},"2026-02-23",0.00277,{"date":148,"score":139,"percentile":149},"2026-02-24",0.00275,{"date":151,"score":139,"percentile":152},"2026-02-25",0.00274,{"date":154,"score":139,"percentile":155},"2026-02-26",0.00276,{"date":157,"score":139,"percentile":149},"2026-02-27",{"date":159,"score":139,"percentile":146},"2026-02-28",{"date":161,"score":139,"percentile":162},"2026-03-01",0.00273,{"date":164,"score":139,"percentile":165},"2026-03-02",0.00272,{"date":167,"score":139,"percentile":149},"2026-03-03",{"date":169,"score":139,"percentile":140},"2026-03-04",{"date":171,"score":139,"percentile":172},"2026-03-05",0.00286,{"date":174,"score":139,"percentile":172},"2026-03-06",{"date":176,"score":139,"percentile":177},"2026-03-07",0.00285,{"date":179,"score":139,"percentile":180},"2026-03-08",0.00281,{"date":182,"score":139,"percentile":140},"2026-03-09",{"date":184,"score":139,"percentile":185},"2026-03-10",0.00279,{"date":187,"score":139,"percentile":155},"2026-03-11",{"date":189,"score":139,"percentile":185},"2026-03-12",{"date":191,"score":139,"percentile":192},"2026-03-13",0.00353,{"date":194,"score":139,"percentile":195},"2026-03-14",0.0035,{"date":197,"score":139,"percentile":198},"2026-03-15",0.00341,{"date":200,"score":139,"percentile":198},"2026-03-16",{"date":202,"score":139,"percentile":203},"2026-03-17",0.00342,{"date":205,"score":139,"percentile":206},"2026-03-18",0.0034,{"date":208,"score":139,"percentile":209},"2026-03-19",0.00339,{"date":211,"score":139,"percentile":212},"2026-03-20",0.00337,{"date":214,"score":139,"percentile":215},"2026-03-21",0.00371,{"date":217,"score":139,"percentile":218},"2026-03-22",0.0037,{"date":220,"score":139,"percentile":221},"2026-03-23",0.00368,{"date":223,"score":139,"percentile":224},"2026-03-24",0.00364,{"date":226,"score":139,"percentile":227},"2026-03-25",0.00365,{"date":229,"score":139,"percentile":230},"2026-03-26",0.00363,{"date":232,"score":139,"percentile":221},"2026-03-27",{"date":234,"score":139,"percentile":235},"2026-03-28",0.00373,{"date":237,"score":139,"percentile":235},"2026-03-29",{"date":239,"score":139,"percentile":240},"2026-03-30",0.00372,{"date":242,"score":139,"percentile":243},"2026-03-31",0.00367,{"date":245,"score":139,"percentile":246},"2026-04-01",0.00366,{"date":248,"score":139,"percentile":215},"2026-04-02",{"date":250,"score":139,"percentile":215},"2026-04-03",{"date":252,"score":139,"percentile":253},"2026-04-04",0.00375,{"date":255,"score":139,"percentile":218},"2026-04-05",{"date":257,"score":139,"percentile":258},"2026-04-06",0.00362,{"date":260,"score":139,"percentile":258},"2026-04-07",{"date":262,"score":139,"percentile":263},"2026-04-08",0.00359,{"date":265,"score":139,"percentile":263},"2026-04-09",{"date":267,"score":139,"percentile":268},"2026-04-10",0.00361,{"date":270,"score":139,"percentile":271},"2026-04-11",0.00358,{"date":273,"score":139,"percentile":274},"2026-04-12",0.00355,{"date":276,"score":139,"percentile":277},"2026-04-13",0.00352,{"date":279,"score":139,"percentile":280},"2026-04-14",0.00349,{"date":282,"score":139,"percentile":283},"2026-04-15",0.00345,{"date":285,"score":139,"percentile":286},"2026-04-16",0.00347,{"date":288,"score":139,"percentile":195},"2026-04-17",{"date":290,"score":66,"percentile":291},"2026-04-18",0.00506,{"date":293,"score":66,"percentile":294},"2026-04-19",0.00501,{"date":296,"score":66,"percentile":297},"2026-04-20",0.00497,{"date":299,"score":66,"percentile":300},"2026-04-21",0.00537,{"date":302,"score":66,"percentile":303},"2026-04-22",0.00536,{"date":305,"score":66,"percentile":306},"2026-04-23",0.00535,{"date":308,"score":66,"percentile":309},"2026-04-24",0.00533,{"date":311,"score":66,"percentile":312},"2026-04-25",0.00532,{"date":314,"score":66,"percentile":306},"2026-04-26",{"date":316,"score":66,"percentile":312},"2026-04-27",{"date":318,"score":66,"percentile":312},"2026-04-28",{"date":320,"score":66,"percentile":306},"2026-04-29",{"date":322,"score":66,"percentile":323},"2026-04-30",0.00542,{"date":325,"score":66,"percentile":326},"2026-05-01",0.0054,{"date":328,"score":66,"percentile":329},"2026-05-02",0.00541,{"date":331,"score":66,"percentile":329},"2026-05-03",{"date":333,"score":66,"percentile":329},"2026-05-04",{"date":335,"score":66,"percentile":323},"2026-05-05",{"date":337,"score":66,"percentile":338},"2026-05-06",0.00543,{"date":340,"score":66,"percentile":326},"2026-05-07",{"date":342,"score":66,"percentile":306},"2026-05-08",{"date":344,"score":66,"percentile":306},"2026-05-09",{"date":346,"score":66,"percentile":347},"2026-05-10",0.00534,[349,354,356],{"source":70,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":350,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":351,"vectorString":71,"impactScore":352,"exploitabilityScore":353},"MEDIUM",2.3,7.2,{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":355,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":351,"vectorString":71,"impactScore":352,"exploitabilityScore":353},{"source":77,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":357,"cvss_v4_0":9},{"baseScore":68,"baseSeverity":9,"vectorString":71,"impactScore":352,"exploitabilityScore":353},[359,370,374,383,388],{"ecosystem":9,"name":360,"vendor":361,"product":360,"cpe_part":362,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":363},"go-git","go-git_project","a",[364],{"version":365,"is_range":366,"range_type":367,"version_start":9,"version_start_type":9,"version_end":368,"version_end_type":369,"fixed_in":9},"lt5.16.5",true,"cpe","5.16.5","excluding",{"ecosystem":9,"name":360,"vendor":360,"product":360,"cpe_part":362,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},[372],{"version":373,"is_range":366,"range_type":70,"version_start":9,"version_start_type":9,"version_end":368,"version_end_type":369,"fixed_in":9},"\u003C 5.16.5",{"ecosystem":375,"name":376,"vendor":377,"product":360,"cpe_part":9,"purl_type":378,"purl_namespace":377,"purl_name":360,"source":9,"versions":379},"Go","github.com/go-git/go-git","github.com/go-git","golang",[380],{"version":381,"is_range":366,"range_type":382,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all","semver",{"ecosystem":375,"name":384,"vendor":376,"product":385,"cpe_part":9,"purl_type":378,"purl_namespace":376,"purl_name":385,"source":9,"versions":386},"github.com/go-git/go-git/v4","v4",[387],{"version":381,"is_range":366,"range_type":382,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":375,"name":389,"vendor":376,"product":390,"cpe_part":9,"purl_type":378,"purl_namespace":376,"purl_name":390,"source":9,"versions":391},"github.com/go-git/go-git/v5","v5",[392],{"version":393,"is_range":366,"range_type":382,"version_start":9,"version_start_type":9,"version_end":368,"version_end_type":369,"fixed_in":9},"lt5_16_5"]